authentification sans Devise

Gemfile

@@ -34,7 +34,7 @@ gem "redis", "~> 4.0"
 # gem "kredis"
 
 # Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]
-# gem "bcrypt", "~> 3.1.7"
+gem "bcrypt", "~> 3.1.7"
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
 gem "tzinfo-data", platforms: %i[ mingw mswin x64_mingw jruby ]
@@ -53,8 +53,6 @@ gem "heroicon"
 # Use Active Storage variants [https://guides.rubyonrails.org/active_storage_overview.html#transforming-images]
 # gem "image_processing", "~> 1.2"
 
-gem 'devise'
-
 group :development, :test do
   # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
   gem "debug", platforms: %i[ mri mingw x64_mingw ]

Gemfile.lock

@@ -89,12 +89,6 @@ GEM
     debug (1.4.0)
       irb (>= 1.3.6)
       reline (>= 0.2.7)
-    devise (4.8.1)
-      bcrypt (~> 3.0)
-      orm_adapter (~> 0.1)
-      railties (>= 4.1.0)
-      responders
-      warden (~> 1.2.3)
     digest (3.1.0)
     erubi (1.10.0)
     globalid (1.0.0)
@@ -142,7 +136,6 @@ GEM
     nio4r (2.5.8)
     nokogiri (1.13.1-x86_64-linux)
       racc (~> 1.4)
-    orm_adapter (0.5.0)
     parallel (1.21.0)
     parser (3.1.0.0)
       ast (~> 2.4.1)
@@ -185,9 +178,6 @@ GEM
     regexp_parser (2.2.0)
     reline (0.3.1)
       io-console (~> 0.5)
-    responders (3.0.1)
-      actionpack (>= 5.0)
-      railties (>= 5.0)
     rexml (3.2.5)
     rubocop (1.25.0)
       parallel (~> 1.10)
@@ -233,8 +223,6 @@ GEM
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.1.0)
-    warden (1.2.9)
-      rack (>= 2.0.9)
     web-console (4.2.0)
       actionview (>= 6.0.0)
       activemodel (>= 6.0.0)
@@ -255,10 +243,10 @@ PLATFORMS
   x86_64-linux
 
 DEPENDENCIES
+  bcrypt (~> 3.1.7)
   bootsnap
   capybara
   debug
-  devise
   heroicon
   importmap-rails
   jbuilder

app/controllers/accounts_controller.rb

@@ -0,0 +1,57 @@
+class AccountsController < ApplicationController
+  before_action :authenticate_user!, only: [:edit, :destroy, :update]
+  before_action :redirect_if_authenticated, only: [:create, :new]
+
+  def create
+    @user = User.new(create_user_params)
+    if @user.save
+      @user.send_confirmation_email!
+      redirect_to root_path, notice: "Please check your email for confirmation instructions."
+    else
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    current_user.destroy
+    reset_session
+    redirect_to root_path, notice: "Your account has been deleted."
+  end
+
+  def edit
+    @user = current_user
+  end
+
+  def new
+    @user = User.new
+  end
+
+  def update
+    @user = current_user
+    if @user.authenticate(params[:user][:current_password])
+      if @user.update(update_user_params)
+        if params[:user][:unconfirmed_email].present?
+          @user.send_confirmation_email!
+          redirect_to root_path, notice: "Check your email for confirmation instructions."
+        else
+          redirect_to root_path, notice: "Account updated."
+        end
+      else
+        render :edit, status: :unprocessable_entity
+      end
+    else
+      flash.now[:error] = "Incorrect password"
+      render :edit, status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def create_user_params
+    params.require(:user).permit(:email, :password, :password_confirmation)
+  end
+
+  def update_user_params
+    params.require(:user).permit(:current_password, :password, :password_confirmation, :unconfirmed_email)
+  end
+end

app/controllers/application_controller.rb

@@ -1,17 +1,3 @@
 class ApplicationController < ActionController::Base
-  before_action :authenticate_user!
-  before_action :configure_permitted_parameters, if: :devise_controller?
-
-  protected
-
-  def configure_permitted_parameters
-    devise_parameter_sanitizer.permit(:sign_up, keys: [:display_name])
-    devise_parameter_sanitizer.permit(:account_update, keys: [:display_name])
-  end
-
-  # Uncomment for redirect after login
-  def after_sign_in_path_for(resource)
-  # return the path based on resource
-    '/checks'
-  end
+  include Authentication
 end

app/controllers/concerns/authentication.rb

@@ -0,0 +1,59 @@
+module Authentication
+    extend ActiveSupport::Concern
+  
+    included do
+      before_action :current_user
+      helper_method :current_user
+      helper_method :user_signed_in?
+    end
+  
+    def authenticate_user!
+      store_location
+      redirect_to login_path, alert: "You need to login to access that page." unless user_signed_in?
+    end
+  
+    def login(user)
+      reset_session
+      user.regenerate_session_token
+      session[:current_user_session_token] = user.reload.session_token
+    end
+  
+    def forget(user)
+      cookies.delete :remember_token
+      user.regenerate_remember_token
+    end
+  
+    def logout
+      user = current_user
+      reset_session
+      user.regenerate_session_token
+    end
+  
+    def redirect_if_authenticated
+      redirect_to root_path, alert: "You are already logged in." if user_signed_in?
+    end
+  
+    def remember(user)
+      user.regenerate_remember_token
+      cookies.permanent.encrypted[:remember_token] = user.remember_token
+    end
+  
+    def store_location
+      session[:user_return_to] = request.original_url if request.get? && request.local?
+    end
+  
+    private
+  
+    def current_user
+      Current.user ||= if session[:current_user_session_token].present?
+        User.find_by(session_token: session[:current_user_session_token])
+      elsif cookies.permanent.encrypted[:remember_token].present?
+        User.find_by(remember_token: cookies.permanent.encrypted[:remember_token])
+      end
+    end
+  
+    def user_signed_in?
+      Current.user.present?
+    end
+  end
+  

app/controllers/confirmations_controller.rb

@@ -0,0 +1,28 @@
+class ConfirmationsController < ApplicationController
+
+  def create
+    @user = User.find_by(email: params[:user][:email].downcase)
+
+    if @user.present? && @user.unconfirmed?
+      redirect_to root_path, notice: "Check your email for confirmation instructions."
+    else
+      redirect_to new_confirmation_path, alert: "We could not find a user with that email or that email has already been confirmed."
+    end
+  end
+
+  def edit
+    @user = User.find_signed(params[:confirmation_token], purpose: :confirm_email)
+
+    if @user.present?
+      @user.confirm!
+      redirect_to root_path, notice: "Your account has been confirmed."
+    else
+      redirect_to new_confirmation_path, alert: "Invalid token."
+    end
+  end
+
+  def new
+    @user = User.new
+  end
+
+end

app/controllers/pages_controller.rb

@@ -1,4 +0,0 @@
-class PagesController < ApplicationController
-  def home
-  end
-end

app/controllers/passwords_controller.rb

@@ -0,0 +1,53 @@
+class PasswordsController < ApplicationController
+    before_action :redirect_if_authenticated
+  
+    def create
+      @user = User.find_by(email: params[:user][:email].downcase)
+      if @user.present?
+        if @user.confirmed?
+          @user.send_password_reset_email!
+          redirect_to root_path, notice: "If that user exists we've sent instructions to their email."
+        else
+          redirect_to new_confirmation_path, alert: "Please confirm your email first."
+        end
+      else
+        redirect_to root_path, notice: "If that user exists we've sent instructions to their email."
+      end
+    end
+  
+    def edit
+      @user = User.find_signed(params[:password_reset_token], purpose: :reset_password)
+      if @user.present? && @user.unconfirmed?
+        redirect_to new_confirmation_path, alert: "You must confirm your email before you can sign in."
+      elsif @user.nil?
+        redirect_to new_password_path, alert: "Invalid or expired token."
+      end
+    end
+  
+    def new
+    end
+  
+    def update
+      @user = User.find_signed(params[:password_reset_token], purpose: :reset_password)
+      if @user
+        if @user.unconfirmed?
+          redirect_to new_confirmation_path, alert: "You must confirm your email before you can sign in."
+        elsif @user.update(password_params)
+          redirect_to login_path, notice: "Sign in."
+        else
+          flash.now[:alert] = @user.errors.full_messages.to_sentence
+          render :edit, status: :unprocessable_entity
+        end
+      else
+        flash.now[:alert] = "Invalid or expired token."
+        render :new, status: :unprocessable_entity
+      end
+    end
+  
+    private
+  
+    def password_params
+      params.require(:user).permit(:password, :password_confirmation)
+    end
+  end
+  

app/controllers/sessions_controller.rb

@@ -0,0 +1,31 @@
+class SessionsController < ApplicationController
+    before_action :redirect_if_authenticated, only: [:create, :new]
+    before_action :authenticate_user!, only: [:destroy]
+  
+    def create
+      @user = User.authenticate_by(email: params[:user][:email].downcase, password: params[:user][:password])
+      if @user
+        if @user.unconfirmed?
+          redirect_to new_confirmation_path, alert: "Incorrect email or password."
+        else
+          after_login_path = session[:user_return_to] || root_path
+          login @user
+          remember(@user) if params[:user][:remember_me] == "1"
+          redirect_to after_login_path, notice: "Signed in."
+        end
+      else
+        flash.now[:alert] = "Incorrect email or password."
+        render :new, status: :unprocessable_entity
+      end
+    end
+  
+    def destroy
+      forget(current_user)
+      logout
+      redirect_to root_path, notice: "Signed out."
+    end
+  
+    def new
+    end
+  end
+  

app/controllers/static_pages_controller.rb

@@ -0,0 +1,4 @@
+class StaticPagesController < ApplicationController
+  def home
+  end
+end

app/controllers/users_controller.rb

@@ -1,70 +0,0 @@
-class UsersController < ApplicationController
-  before_action :set_user, only: %i[ show edit update destroy ]
-
-  # GET /users or /users.json
-  def index
-    @users = User.all
-  end
-
-  # GET /users/1 or /users/1.json
-  def show
-  end
-
-  # GET /users/new
-  def new
-    @user = User.new
-  end
-
-  # GET /users/1/edit
-  def edit
-  end
-
-  # POST /users or /users.json
-  def create
-    @user = User.new(user_params)
-
-    respond_to do |format|
-      if @user.save
-        format.html { redirect_to user_url(@user), notice: "User was successfully created." }
-        format.json { render :show, status: :created, location: @user }
-      else
-        format.html { render :new, status: :unprocessable_entity }
-        format.json { render json: @user.errors, status: :unprocessable_entity }
-      end
-    end
-  end
-
-  # PATCH/PUT /users/1 or /users/1.json
-  def update
-    respond_to do |format|
-      if @user.update(user_params)
-        format.html { redirect_to user_url(@user), notice: "User was successfully updated." }
-        format.json { render :show, status: :ok, location: @user }
-      else
-        format.html { render :edit, status: :unprocessable_entity }
-        format.json { render json: @user.errors, status: :unprocessable_entity }
-      end
-    end
-  end
-
-  # DELETE /users/1 or /users/1.json
-  def destroy
-    @user.destroy
-
-    respond_to do |format|
-      format.html { redirect_to users_url, notice: "User was successfully destroyed." }
-      format.json { head :no_content }
-    end
-  end
-
-  private
-    # Use callbacks to share common setup or constraints between actions.
-    def set_user
-      @user = User.find(params[:id])
-    end
-
-    # Only allow a list of trusted parameters through.
-    def user_params
-      params.fetch(:user, {})
-    end
-end

app/helpers/confirmations_helper.rb

@@ -0,0 +1,2 @@
+module ConfirmationsHelper
+end

app/helpers/heroicon_helper.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module HeroiconHelper
-    include Heroicon::Engine.helpers
-  end
+  include Heroicon::Engine.helpers
+end

app/helpers/pages_helper.rb

@@ -1,2 +0,0 @@
-module PagesHelper
-end

app/helpers/passwords_helper.rb

@@ -0,0 +1,2 @@
+module PasswordsHelper
+end

app/helpers/sessions_helper.rb

@@ -0,0 +1,2 @@
+module SessionsHelper
+end

app/helpers/static_pages_helper.rb

@@ -0,0 +1,2 @@
+module StaticPagesHelper
+end

app/mailers/user_mailer.rb

@@ -0,0 +1,22 @@
+class UserMailer < ApplicationMailer
+  default from: User::MAILER_FROM_EMAIL
+
+  # Subject can be set in your I18n file at config/locales/en.yml
+  # with the following lookup:
+  #
+  #   en.user_mailer.confirmation.subject
+  #
+  def confirmation(user, confirmation_token)
+    @user = user
+    @confirmation_token = confirmation_token
+
+    mail to: @user.confirmable_email, subject: "Confirmation Instructions"
+  end
+
+  def password_reset(user, password_reset_token)
+    @user = user
+    @password_reset_token = password_reset_token
+
+    mail to: @user.email, subject: "Password Reset Instructions"
+  end
+end

app/models/current.rb

@@ -0,0 +1,3 @@
+class Current < ActiveSupport::CurrentAttributes
+  attribute :user
+end

app/models/user.rb

@@ -1,6 +1,96 @@
 class User < ApplicationRecord
-  # Include default devise modules. Others available are:
-  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
-  devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :validatable, :trackable
+  CONFIRMATION_TOKEN_EXPIRATION = 10.minutes
+  PASSWORD_RESET_TOKEN_EXPIRATION = 10.minutes
+  MAILER_FROM_EMAIL = "no-reply@example.com"
+
+  attr_accessor :current_password
+
+  has_secure_password
+  has_secure_token :remember_token
+  has_secure_token :session_token
+
+  before_save :downcase_email
+  before_save :downcase_unconfirmed_email
+
+  validates :email, format: {with: URI::MailTo::EMAIL_REGEXP}, presence: true, uniqueness: true
+  validates :unconfirmed_email, format: {with: URI::MailTo::EMAIL_REGEXP, allow_blank: true}
+
+  def self.authenticate_by(attributes)
+    passwords, identifiers = attributes.to_h.partition do |name, value|
+      !has_attribute?(name) && has_attribute?("#{name}_digest")
+    end.map(&:to_h)
+
+    raise ArgumentError, "One or more password arguments are required" if passwords.empty?
+    raise ArgumentError, "One or more finder arguments are required" if identifiers.empty?
+    if (record = find_by(identifiers))
+      record if passwords.count { |name, value| record.public_send(:"authenticate_#{name}", value) } == passwords.size
+    else
+      new(passwords)
+      nil
+    end
+  end
+
+  def confirm!
+    if unconfirmed_or_reconfirming?
+      if unconfirmed_email.present?
+        return false unless update(email: unconfirmed_email, unconfirmed_email: nil)
+      end
+      update_columns(confirmed_at: Time.current)
+    else
+      false
+    end
+  end
+
+  def confirmed?
+    confirmed_at.present?
+  end
+
+  def confirmable_email
+    if unconfirmed_email.present?
+      unconfirmed_email
+    else
+      email
+    end
+  end
+
+  def generate_confirmation_token
+    signed_id expires_in: CONFIRMATION_TOKEN_EXPIRATION, purpose: :confirm_email
+  end
+
+  def generate_password_reset_token
+    signed_id expires_in: PASSWORD_RESET_TOKEN_EXPIRATION, purpose: :reset_password
+  end
+
+  def send_confirmation_email!
+    confirmation_token = generate_confirmation_token
+    UserMailer.confirmation(self, confirmation_token).deliver_now
+  end
+
+  def send_password_reset_email!
+    password_reset_token = generate_password_reset_token
+    UserMailer.password_reset(self, password_reset_token).deliver_now
+  end
+
+  def reconfirming?
+    unconfirmed_email.present?
+  end
+
+  def unconfirmed?
+    !confirmed?
+  end
+
+  def unconfirmed_or_reconfirming?
+    unconfirmed? || reconfirming?
+  end
+
+  private
+
+  def downcase_email
+    self.email = email.downcase
+  end
+
+  def downcase_unconfirmed_email
+    return if unconfirmed_email.nil?
+    self.unconfirmed_email = unconfirmed_email.downcase
+  end
 end

app/views.old/confirmations/new.html.erb

@@ -0,0 +1,5 @@
+<!-- app/views/confirmations/new.html.erb -->
+<%= form_with model: @user, url: confirmations_path do |form| %>
+  <%= form.email_field :email, required: true %>
+  <%= form.submit "Confirm Email" %>
+<% end %>

app/views.old/layouts/application.html.erb

@@ -0,0 +1,83 @@
+<!DOCTYPE html>
+<html class="h-full bg-gray-100">
+  <head>
+    <title>Evocheck</title>
+    <meta name="viewport" content="width=device-width,initial-scale=1">
+    <%= csrf_meta_tags %>
+    <%= csp_meta_tag %>
+    <%= stylesheet_link_tag "tailwind", "inter-font", "data-turbo-track": "reload" %>
+
+    <%= stylesheet_link_tag "application", "data-turbo-track": "reload" %>
+    <%= javascript_importmap_tags %>
+  </head>
+
+  <body class="h-full">
+    <div class="min-h-full">
+      <% if user_signed_in? %>
+        <%= render partial: "shared/main_nav_signed_in" %>
+      <% else %>
+        <%= render partial: "shared/main_nav_signed_out" %>
+      <% end %>
+
+      <div class="py-10">
+        <main>
+          <div class="max-w-7xl mx-auto sm:px-6 lg:px-8">
+            <% if notice.present? %>
+              <!-- This example requires Tailwind CSS v2.0+ -->
+              <div class="rounded-md bg-yellow-50 p-4" data-controller="notification" data-notification-target="notificationWrapper">
+                <div class="flex">
+                  <div class="flex-shrink-0">
+                    <%= heroicon "check-circle", variant: :solid, options: { class: "h-5 w-5 text-yellow-400" } %>
+                  </div>
+                  <div class="ml-3">
+                    <p class="text-sm font-medium text-yellow-800">
+                      <%= notice %>
+                    </p>
+                  </div>
+                  <div class="ml-auto pl-3">
+                    <div class="-mx-1.5 -my-1.5">
+                      <button type="button" class="inline-flex bg-yellow-50 rounded-md p-1.5 text-yellow-500 hover:bg-yellow-100 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-offset-yellow-50 focus:ring-yellow-600" data-action="click->notification#dismiss">
+                        <span class="sr-only">Dismiss</span>
+                        <%= heroicon "x", variant: :solid, options: { class: "h-5 w-5" } %>
+                      </button>
+                    </div>
+                  </div>
+                </div>
+              </div>
+            <% end %>
+            <% if alert.present? %>
+              <!-- This example requires Tailwind CSS v2.0+ -->
+              <div class="rounded-md bg-red-50 p-4" data-controller="notification" data-notification-target="notificationWrapper">
+                <div class="flex">
+                  <div class="flex-shrink-0">
+                    <%= heroicon "check-circle", variant: :solid, options: { class: "h-5 w-5 text-red-400" } %>
+                  </div>
+                  <div class="ml-3">
+                    <p class="text-sm font-medium text-red-800">
+                      <%= alert %>
+                    </p>
+                  </div>
+                  <div class="ml-auto pl-3">
+                    <div class="-mx-1.5 -my-1.5">
+                      <button type="button" class="inline-flex bg-red-50 rounded-md p-1.5 text-red-500 hover:bg-red-100 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-offset-red-50 focus:ring-red-600" data-action="click->notification#dismiss">
+                        <span class="sr-only">Dismiss</span>
+                        <%= heroicon "x", variant: :solid, options: { class: "h-5 w-5" } %>
+                      </button>
+                    </div>
+                  </div>
+                </div>
+              </div>
+            <% end %>
+
+            <%= yield %>
+
+          </div>
+        </main>
+      </div>
+
+      <div>
+        <%= controller_name %>
+      </div>
+    </div>
+  </body>
+</html>

app/views.old/layouts/mailer.html.erb

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <style>
+      /* Email styles need to be inline */
+    </style>
+  </head>
+
+  <body>
+    <%= yield %>
+  </body>
+</html>

app/views.old/layouts/mailer.text.erb

@@ -0,0 +1 @@
+<%= yield %>

app/views/accounts/edit.html.erb

@@ -0,0 +1,25 @@
+<%= form_with model: @user, url: account_path, method: :put do |form| %>
+  <%= render partial: "shared/form_errors", locals: { object: form.object } %>
+  <div>
+    <%= form.label :email, "Current Email" %>
+    <%= form.text_field :email, disabled: true %>
+  </div>
+  <div>
+    <%= form.label :unconfirmed_email, "New Email" %>
+    <%= form.text_field :unconfirmed_email %>
+  </div>
+  <div>
+    <%= form.label :password, "Password (leave blank if you don't want to change it)" %>
+    <%= form.password_field :password %>
+  </div>
+  <div>
+    <%= form.label :password_confirmation %>
+    <%= form.password_field :password_confirmation %>
+  </div>
+  <hr/>
+  <div>
+    <%= form.label :current_password, "Current password (we need your current password to confirm your changes)" %>
+    <%= form.password_field :current_password, required: true %>
+  </div>
+  <%= form.submit "Update Account" %>
+<% end %>

app/views/accounts/new.html.erb

@@ -0,0 +1,16 @@
+<%= form_with model: @user, url: sign_up_path do |form| %>
+  <%= render partial: "shared/form_errors", locals: { object: form.object } %>
+  <div>
+    <%= form.label :email %>
+    <%= form.text_field :email, required: true, autofocus: true, autocomplete: "email" %>
+  </div>
+  <div>
+    <%= form.label :password %>
+    <%= form.password_field :password, required: true, autocomplete: "new-password" %>
+  </div>
+  <div>
+    <%= form.label :password_confirmation %>
+    <%= form.password_field :password_confirmation, required: true, autocomplete: "new-password" %>
+  </div>
+  <%= form.submit "Sign Up" %>
+<% end %>

app/views/confirmations/new.html.erb

@@ -0,0 +1,4 @@
+<%= form_with model: @user, url: confirmations_path do |form| %>
+  <%= form.email_field :email, required: true %>
+  <%= form.submit "Confirm Email" %>
+<% end %>

app/views/passwords/edit.html.erb

@@ -0,0 +1,11 @@
+<%= form_with url: password_path(params[:password_reset_token]), scope: :user, method: :put do |form| %>
+  <div>
+    <%= form.label :password %>
+    <%= form.password_field :password, required: true %>
+  </div>
+  <div>
+    <%= form.label :password_confirmation %>
+    <%= form.password_field :password_confirmation, required: true %>
+  </div>
+  <%= form.submit "Update Password" %>
+<% end %>

app/views/passwords/new.html.erb

@@ -0,0 +1,4 @@
+<%= form_with url: passwords_path, scope: :user do |form| %>
+  <%= form.email_field :email, required: true %>
+  <%= form.submit "Reset Password" %>
+<% end %>

app/views/sessions/new.html.erb

@@ -0,0 +1,15 @@
+<%= form_with url: login_path, scope: :user do |form| %>
+  <div>
+    <%= form.label :email %>
+    <%= form.text_field :email, required: true %>
+  </div>
+  <div>
+    <%= form.label :password %>
+    <%= form.password_field :password, required: true %>
+  </div>
+  <div>
+    <%= form.label :remember_me %>
+    <%= form.check_box :remember_me %>
+  </div>
+  <%= form.submit "Sign In" %>
+<% end %>

app/views/shared/_form_errors.html.erb

@@ -0,0 +1,7 @@
+<% if object.errors.any? %>
+  <ul>
+    <% object.errors.full_messages.each do |message| %>
+      <li><%= message %></li>
+    <% end %>
+  </ul>
+<% end %>

app/views/shared/_main_menu.html.erb

@@ -5,7 +5,7 @@
 <% end %>
 
 <% if controller_name == "users" %>
-    <%= link_to "Users", users_path, class: common_classes + " " + active_classes %>
+    <%#= link_to "Users", users_path, class: common_classes + " " + active_classes %>
 <% else %>
-    <%= link_to "Users", users_path, class: common_classes + " " + inactive_classes %>
+    <%#= link_to "Users", users_path, class: common_classes + " " + inactive_classes %>
 <% end %>

app/views/shared/_main_nav_signed_in.html.erb

@@ -83,7 +83,7 @@
           <%= user_gravatar current_user, class: "h-10 w-10 rounded-full", size: 80 %>
         </div>
         <div class="ml-3">
-          <div class="text-base font-medium text-gray-800"><%= current_user.display_name.presence || "Anonymous" %></div>
+          <div class="text-base font-medium text-gray-800"><%= current_user.name.presence || "Anonymous" %></div>
           <div class="text-sm font-medium text-gray-500"><%= current_user.email %></div>
         </div>
       </div>

app/views/shared/_user_menu.html.erb

@@ -1,5 +1,5 @@
-<%= link_to "Your Profile", edit_user_registration_path(@user), class: common_classes + " " + active_classes %>    
+<%= link_to "Your Profile", account_path, class: common_classes + " " + active_classes %>    
 <%= link_to "Settings", "#", class: common_classes + " " + active_classes %>
 <div data-turbo="false">
-    <%= button_to "Sign out", destroy_user_session_path(@user), method: :delete, class: common_classes + " " + active_classes + " inline" %>
+    <%= button_to "Sign out", logout_path, method: :delete, class: common_classes + " " + active_classes + " inline" %>
 </div>

app/views/static_pages/home.html.erb

@@ -0,0 +1,14 @@
+<h1>Rails Authentication From Scratch</h1>
+
+
+      <ul>
+        <% if user_signed_in? %>
+          <li><%= link_to "My Acount", account_path %></li>
+           <li><%= button_to "Logout", logout_path, method: :delete %></li>
+        <% else %>
+           <li><%= link_to "Login", login_path %></li>
+           <li><%= link_to "Sign Up", sign_up_path %></li>
+           <li><%= link_to "Forgot my password", new_password_path %></li>
+           <li><%= link_to "Didn't receive confirmation instructions", new_confirmation_path %></li>
+        <% end %>
+      </ul>

app/views/user_mailer/confirmation.html.erb

@@ -0,0 +1,3 @@
+<h1>Confirmation Instructions</h1>
+
+<%= link_to "Click here to confirm your email.", edit_confirmation_url(@confirmation_token) %>

app/views/user_mailer/confirmation.text.erb

@@ -0,0 +1,3 @@
+Confirmation Instructions
+
+<%= edit_confirmation_url(@confirmation_token) %>

app/views/user_mailer/password_reset.html.erb

@@ -0,0 +1,3 @@
+<h1>Password Reset Instructions</h1>
+
+<%= link_to "Click here to reset your password.", edit_password_url(@password_reset_token) %>

app/views/user_mailer/password_reset.text.erb

@@ -0,0 +1,3 @@
+Password Reset Instructions
+
+<%= edit_password_url(@password_reset_token) %>

config/initializers/devise.rb

@@ -1,311 +0,0 @@
-# frozen_string_literal: true
-
-# Assuming you have not yet modified this file, each configuration option below
-# is set to its default value. Note that some are commented out while others
-# are not: uncommented lines are intended to protect your configuration from
-# breaking changes in upgrades (i.e., in the event that future versions of
-# Devise change the default values for those options).
-#
-# Use this hook to configure devise mailer, warden hooks and so forth.
-# Many of these configuration options can be set straight in your model.
-Devise.setup do |config|
-  # The secret key used by Devise. Devise uses this key to generate
-  # random tokens. Changing this key will render invalid all existing
-  # confirmation, reset password and unlock tokens in the database.
-  # Devise will use the `secret_key_base` as its `secret_key`
-  # by default. You can change it below and use your own secret key.
-  # config.secret_key = 'd021e9bb7cea4d0be9ce046f45a91fe22af54ecec95f1d002c2c03f46291795c8d525361515b06ad681f921bcd649d5527d5629245a654a419339797ff0b75df'
-
-  # ==> Controller configuration
-  # Configure the parent class to the devise controllers.
-  # config.parent_controller = 'DeviseController'
-
-  # ==> Mailer Configuration
-  # Configure the e-mail address which will be shown in Devise::Mailer,
-  # note that it will be overwritten if you use your own mailer class
-  # with default "from" parameter.
-  config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
-
-  # Configure the class responsible to send e-mails.
-  # config.mailer = 'Devise::Mailer'
-
-  # Configure the parent class responsible to send e-mails.
-  # config.parent_mailer = 'ActionMailer::Base'
-
-  # ==> ORM configuration
-  # Load and configure the ORM. Supports :active_record (default) and
-  # :mongoid (bson_ext recommended) by default. Other ORMs may be
-  # available as additional gems.
-  require 'devise/orm/active_record'
-
-  # ==> Configuration for any authentication mechanism
-  # Configure which keys are used when authenticating a user. The default is
-  # just :email. You can configure it to use [:username, :subdomain], so for
-  # authenticating a user, both parameters are required. Remember that those
-  # parameters are used only when authenticating and not when retrieving from
-  # session. If you need permissions, you should implement that in a before filter.
-  # You can also supply a hash where the value is a boolean determining whether
-  # or not authentication should be aborted when the value is not present.
-  # config.authentication_keys = [:email]
-
-  # Configure parameters from the request object used for authentication. Each entry
-  # given should be a request method and it will automatically be passed to the
-  # find_for_authentication method and considered in your model lookup. For instance,
-  # if you set :request_keys to [:subdomain], :subdomain will be used on authentication.
-  # The same considerations mentioned for authentication_keys also apply to request_keys.
-  # config.request_keys = []
-
-  # Configure which authentication keys should be case-insensitive.
-  # These keys will be downcased upon creating or modifying a user and when used
-  # to authenticate or find a user. Default is :email.
-  config.case_insensitive_keys = [:email]
-
-  # Configure which authentication keys should have whitespace stripped.
-  # These keys will have whitespace before and after removed upon creating or
-  # modifying a user and when used to authenticate or find a user. Default is :email.
-  config.strip_whitespace_keys = [:email]
-
-  # Tell if authentication through request.params is enabled. True by default.
-  # It can be set to an array that will enable params authentication only for the
-  # given strategies, for example, `config.params_authenticatable = [:database]` will
-  # enable it only for database (email + password) authentication.
-  # config.params_authenticatable = true
-
-  # Tell if authentication through HTTP Auth is enabled. False by default.
-  # It can be set to an array that will enable http authentication only for the
-  # given strategies, for example, `config.http_authenticatable = [:database]` will
-  # enable it only for database authentication.
-  # For API-only applications to support authentication "out-of-the-box", you will likely want to
-  # enable this with :database unless you are using a custom strategy.
-  # The supported strategies are:
-  # :database      = Support basic authentication with authentication key + password
-  # config.http_authenticatable = false
-
-  # If 401 status code should be returned for AJAX requests. True by default.
-  # config.http_authenticatable_on_xhr = true
-
-  # The realm used in Http Basic Authentication. 'Application' by default.
-  # config.http_authentication_realm = 'Application'
-
-  # It will change confirmation, password recovery and other workflows
-  # to behave the same regardless if the e-mail provided was right or wrong.
-  # Does not affect registerable.
-  # config.paranoid = true
-
-  # By default Devise will store the user in session. You can skip storage for
-  # particular strategies by setting this option.
-  # Notice that if you are skipping storage for all authentication paths, you
-  # may want to disable generating routes to Devise's sessions controller by
-  # passing skip: :sessions to `devise_for` in your config/routes.rb
-  config.skip_session_storage = [:http_auth]
-
-  # By default, Devise cleans up the CSRF token on authentication to
-  # avoid CSRF token fixation attacks. This means that, when using AJAX
-  # requests for sign in and sign up, you need to get a new CSRF token
-  # from the server. You can disable this option at your own risk.
-  # config.clean_up_csrf_token_on_authentication = true
-
-  # When false, Devise will not attempt to reload routes on eager load.
-  # This can reduce the time taken to boot the app but if your application
-  # requires the Devise mappings to be loaded during boot time the application
-  # won't boot properly.
-  # config.reload_routes = true
-
-  # ==> Configuration for :database_authenticatable
-  # For bcrypt, this is the cost for hashing the password and defaults to 12. If
-  # using other algorithms, it sets how many times you want the password to be hashed.
-  # The number of stretches used for generating the hashed password are stored
-  # with the hashed password. This allows you to change the stretches without
-  # invalidating existing passwords.
-  #
-  # Limiting the stretches to just one in testing will increase the performance of
-  # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
-  # a value less than 10 in other environments. Note that, for bcrypt (the default
-  # algorithm), the cost increases exponentially with the number of stretches (e.g.
-  # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
-  config.stretches = Rails.env.test? ? 1 : 12
-
-  # Set up a pepper to generate the hashed password.
-  # config.pepper = '625a3407b7ca59033b862bca1ce3c7f8bb42622d936e2f5d0caf77fac5570259da874b64e261cb7458edaaa66320d6ce902c482b11438a02abb8bec0d98f9a3d'
-
-  # Send a notification to the original email when the user's email is changed.
-  # config.send_email_changed_notification = false
-
-  # Send a notification email when the user's password is changed.
-  # config.send_password_change_notification = false
-
-  # ==> Configuration for :confirmable
-  # A period that the user is allowed to access the website even without
-  # confirming their account. For instance, if set to 2.days, the user will be
-  # able to access the website for two days without confirming their account,
-  # access will be blocked just in the third day.
-  # You can also set it to nil, which will allow the user to access the website
-  # without confirming their account.
-  # Default is 0.days, meaning the user cannot access the website without
-  # confirming their account.
-  # config.allow_unconfirmed_access_for = 2.days
-
-  # A period that the user is allowed to confirm their account before their
-  # token becomes invalid. For example, if set to 3.days, the user can confirm
-  # their account within 3 days after the mail was sent, but on the fourth day
-  # their account can't be confirmed with the token any more.
-  # Default is nil, meaning there is no restriction on how long a user can take
-  # before confirming their account.
-  # config.confirm_within = 3.days
-
-  # If true, requires any email changes to be confirmed (exactly the same way as
-  # initial account confirmation) to be applied. Requires additional unconfirmed_email
-  # db field (see migrations). Until confirmed, new email is stored in
-  # unconfirmed_email column, and copied to email column on successful confirmation.
-  config.reconfirmable = true
-
-  # Defines which key will be used when confirming an account
-  # config.confirmation_keys = [:email]
-
-  # ==> Configuration for :rememberable
-  # The time the user will be remembered without asking for credentials again.
-  # config.remember_for = 2.weeks
-
-  # Invalidates all the remember me tokens when the user signs out.
-  config.expire_all_remember_me_on_sign_out = true
-
-  # If true, extends the user's remember period when remembered via cookie.
-  # config.extend_remember_period = false
-
-  # Options to be passed to the created cookie. For instance, you can set
-  # secure: true in order to force SSL only cookies.
-  # config.rememberable_options = {}
-
-  # ==> Configuration for :validatable
-  # Range for password length.
-  config.password_length = 6..128
-
-  # Email regex used to validate email formats. It simply asserts that
-  # one (and only one) @ exists in the given string. This is mainly
-  # to give user feedback and not to assert the e-mail validity.
-  config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
-
-  # ==> Configuration for :timeoutable
-  # The time you want to timeout the user session without activity. After this
-  # time the user will be asked for credentials again. Default is 30 minutes.
-  # config.timeout_in = 30.minutes
-
-  # ==> Configuration for :lockable
-  # Defines which strategy will be used to lock an account.
-  # :failed_attempts = Locks an account after a number of failed attempts to sign in.
-  # :none            = No lock strategy. You should handle locking by yourself.
-  # config.lock_strategy = :failed_attempts
-
-  # Defines which key will be used when locking and unlocking an account
-  # config.unlock_keys = [:email]
-
-  # Defines which strategy will be used to unlock an account.
-  # :email = Sends an unlock link to the user email
-  # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
-  # :both  = Enables both strategies
-  # :none  = No unlock strategy. You should handle unlocking by yourself.
-  # config.unlock_strategy = :both
-
-  # Number of authentication tries before locking an account if lock_strategy
-  # is failed attempts.
-  # config.maximum_attempts = 20
-
-  # Time interval to unlock the account if :time is enabled as unlock_strategy.
-  # config.unlock_in = 1.hour
-
-  # Warn on the last attempt before the account is locked.
-  # config.last_attempt_warning = true
-
-  # ==> Configuration for :recoverable
-  #
-  # Defines which key will be used when recovering the password for an account
-  # config.reset_password_keys = [:email]
-
-  # Time interval you can reset your password with a reset password key.
-  # Don't put a too small interval or your users won't have the time to
-  # change their passwords.
-  config.reset_password_within = 6.hours
-
-  # When set to false, does not sign a user in automatically after their password is
-  # reset. Defaults to true, so a user is signed in automatically after a reset.
-  # config.sign_in_after_reset_password = true
-
-  # ==> Configuration for :encryptable
-  # Allow you to use another hashing or encryption algorithm besides bcrypt (default).
-  # You can use :sha1, :sha512 or algorithms from others authentication tools as
-  # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20
-  # for default behavior) and :restful_authentication_sha1 (then you should set
-  # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).
-  #
-  # Require the `devise-encryptable` gem when using anything other than bcrypt
-  # config.encryptor = :sha512
-
-  # ==> Scopes configuration
-  # Turn scoped views on. Before rendering "sessions/new", it will first check for
-  # "users/sessions/new". It's turned off by default because it's slower if you
-  # are using only default views.
-  # config.scoped_views = false
-
-  # Configure the default scope given to Warden. By default it's the first
-  # devise role declared in your routes (usually :user).
-  # config.default_scope = :user
-
-  # Set this configuration to false if you want /users/sign_out to sign out
-  # only the current scope. By default, Devise signs out all scopes.
-  # config.sign_out_all_scopes = true
-
-  # ==> Navigation configuration
-  # Lists the formats that should be treated as navigational. Formats like
-  # :html, should redirect to the sign in page when the user does not have
-  # access, but formats like :xml or :json, should return 401.
-  #
-  # If you have any extra navigational formats, like :iphone or :mobile, you
-  # should add them to the navigational formats lists.
-  #
-  # The "*/*" below is required to match Internet Explorer requests.
-  # config.navigational_formats = ['*/*', :html]
-
-  # The default HTTP method used to sign out a resource. Default is :delete.
-  config.sign_out_via = :delete
-
-  # ==> OmniAuth
-  # Add a new OmniAuth provider. Check the wiki for more information on setting
-  # up on your models and hooks.
-  # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
-
-  # ==> Warden configuration
-  # If you want to use other strategies, that are not supported by Devise, or
-  # change the failure app, you can configure them inside the config.warden block.
-  #
-  # config.warden do |manager|
-  #   manager.intercept_401 = false
-  #   manager.default_strategies(scope: :user).unshift :some_external_strategy
-  # end
-
-  # ==> Mountable engine configurations
-  # When using Devise inside an engine, let's call it `MyEngine`, and this engine
-  # is mountable, there are some extra configurations to be taken into account.
-  # The following options are available, assuming the engine is mounted as:
-  #
-  #     mount MyEngine, at: '/my_engine'
-  #
-  # The router that invoked `devise_for`, in the example above, would be:
-  # config.router_name = :my_engine
-  #
-  # When using OmniAuth, Devise cannot automatically set OmniAuth path,
-  # so you need to do it manually. For the users scope, it would be:
-  # config.omniauth_path_prefix = '/my_engine/users/auth'
-
-  # ==> Turbolinks configuration
-  # If your app is using Turbolinks, Turbolinks::Controller needs to be included to make redirection work correctly:
-  #
-  # ActiveSupport.on_load(:devise_failure_app) do
-  #   include Turbolinks::Controller
-  # end
-
-  # ==> Configuration for :registerable
-
-  # When set to false, does not sign a user in automatically after their password is
-  # changed. Defaults to true, so a user is signed in automatically after changing a password.
-  # config.sign_in_after_change_password = true
-end

config/locales/devise.en.yml

@@ -1,65 +0,0 @@
-# Additional translations at https://github.com/heartcombo/devise/wiki/I18n
-
-en:
-  devise:
-    confirmations:
-      confirmed: "Your email address has been successfully confirmed."
-      send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes."
-      send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
-    failure:
-      already_authenticated: "You are already signed in."
-      inactive: "Your account is not activated yet."
-      invalid: "Invalid %{authentication_keys} or password."
-      locked: "Your account is locked."
-      last_attempt: "You have one more attempt before your account is locked."
-      not_found_in_database: "Invalid %{authentication_keys} or password."
-      timeout: "Your session expired. Please sign in again to continue."
-      unauthenticated: "You need to sign in or sign up before continuing."
-      unconfirmed: "You have to confirm your email address before continuing."
-    mailer:
-      confirmation_instructions:
-        subject: "Confirmation instructions"
-      reset_password_instructions:
-        subject: "Reset password instructions"
-      unlock_instructions:
-        subject: "Unlock instructions"
-      email_changed:
-        subject: "Email Changed"
-      password_change:
-        subject: "Password Changed"
-    omniauth_callbacks:
-      failure: "Could not authenticate you from %{kind} because \"%{reason}\"."
-      success: "Successfully authenticated from %{kind} account."
-    passwords:
-      no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
-      send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
-      send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
-      updated: "Your password has been changed successfully. You are now signed in."
-      updated_not_active: "Your password has been changed successfully."
-    registrations:
-      destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon."
-      signed_up: "Welcome! You have signed up successfully."
-      signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated."
-      signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked."
-      signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account."
-      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirmation link to confirm your new email address."
-      updated: "Your account has been updated successfully."
-      updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again."
-    sessions:
-      signed_in: "Signed in successfully."
-      signed_out: "Signed out successfully."
-      already_signed_out: "Signed out successfully."
-    unlocks:
-      send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes."
-      send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
-      unlocked: "Your account has been unlocked successfully. Please sign in to continue."
-  errors:
-    messages:
-      already_confirmed: "was already confirmed, please try signing in"
-      confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one"
-      expired: "has expired, please request a new one"
-      not_found: "not found"
-      not_locked: "was not locked"
-      not_saved:
-        one: "1 error prohibited this %{resource} from being saved:"
-        other: "%{count} errors prohibited this %{resource} from being saved:"

config/routes.rb

@@ -1,18 +1,22 @@
 Rails.application.routes.draw do
-  devise_for :users
-  # devise_for :users, skip: [:sessions]
-  # as :user do
-  #   get 'signin', to: 'devise/sessions#new', as: :new_user_session
-  #   post 'signin', to: 'devise/sessions#create', as: :user_session
-  #   delete 'signout', to: 'devise/sessions#destroy', as: :destroy_user_session
-  # end
-  scope '/admin' do
-    resources :users
-  end
-  resources :checks
 
   # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
+  root "static_pages#home"
 
-  # Defines the root path route ("/")
-  root :to => "pages#home"
+  post "sign_up", to: "accounts#create"
+  get "sign_up", to: "accounts#new"
+
+  put "account", to: "accounts#update"
+  get "account", to: "accounts#edit"
+  delete "account", to: "accounts#destroy"
+
+  resources :confirmations, only: [:create, :edit, :new], param: :confirmation_token
+
+  post "login", to: "sessions#create"
+  delete "logout", to: "sessions#destroy"
+  get "login", to: "sessions#new"
+
+  resources :passwords, only: [:create, :edit, :new, :update], param: :password_reset_token
+
+  resources :checks
 end

db/migrate/20211226105150_create_users.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+class CreateUsers < ActiveRecord::Migration[7.0]
+  def change
+    create_table :users do |t|
+      t.string :name
+      t.string :email, null: false
+      t.string :unconfirmed_email
+
+      t.string :remember_token, null: false
+      t.string :session_token, null: false
+
+      t.string :password_digest, null: false
+      t.datetime :confirmed_at
+
+      t.timestamps
+    end
+
+    add_index :users, :email, unique: true
+    add_index :users, :remember_token, unique: true
+    add_index :users, :session_token, unique: true
+  end
+end

db/migrate/20211226105150_devise_create_users.rb

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-class DeviseCreateUsers < ActiveRecord::Migration[7.0]
-  def change
-    create_table :users do |t|
-      ## Database authenticatable
-      t.string :email,              null: false, default: ""
-      t.string :encrypted_password, null: false, default: ""
-
-      ## Recoverable
-      t.string   :reset_password_token
-      t.datetime :reset_password_sent_at
-
-      ## Rememberable
-      t.datetime :remember_created_at
-
-      ## Trackable
-      t.integer  :sign_in_count, default: 0, null: false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
-
-      ## Confirmable
-      # t.string   :confirmation_token
-      # t.datetime :confirmed_at
-      # t.datetime :confirmation_sent_at
-      # t.string   :unconfirmed_email # Only if using reconfirmable
-
-      ## Lockable
-      # t.integer  :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
-      # t.string   :unlock_token # Only if unlock strategy is :email or :both
-      # t.datetime :locked_at
-
-
-      t.timestamps null: false
-    end
-
-    add_index :users, :email,                unique: true
-    add_index :users, :reset_password_token, unique: true
-    # add_index :users, :confirmation_token,   unique: true
-    # add_index :users, :unlock_token,         unique: true
-  end
-end

db/migrate/20211228170116_add_display_name_to_users.rb

@@ -1,5 +0,0 @@
-class AddDisplayNameToUsers < ActiveRecord::Migration[7.0]
-  def change
-    add_column :users, :display_name, :string
-  end
-end

db/schema.rb

@@ -10,17 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2021_12_28_170116) do
-
-  create_table "api_credentials", force: :cascade do |t|
-    t.string "token"
-    t.boolean "enabled"
-    t.datetime "last_used_at", precision: 6
-    t.datetime "created_at", precision: 6, null: false
-    t.datetime "updated_at", precision: 6, null: false
-    t.index ["enabled"], name: "index_api_credentials_on_enabled"
-    t.index ["token"], name: "index_api_credentials_on_token"
-  end
+ActiveRecord::Schema.define(version: 2021_12_26_105150) do
 
   create_table "checks", force: :cascade do |t|
     t.string "name"
@@ -33,21 +23,18 @@ ActiveRecord::Schema.define(version: 2021_12_28_170116) do
   end
 
   create_table "users", force: :cascade do |t|
-    t.string "email", default: "", null: false
-    t.string "encrypted_password", default: "", null: false
-    t.string "reset_password_token"
-    t.datetime "reset_password_sent_at", precision: 6
-    t.datetime "remember_created_at", precision: 6
-    t.integer "sign_in_count", default: 0, null: false
-    t.datetime "current_sign_in_at", precision: 6
-    t.datetime "last_sign_in_at", precision: 6
-    t.string "current_sign_in_ip"
-    t.string "last_sign_in_ip"
+    t.string "name"
+    t.string "email", null: false
+    t.string "unconfirmed_email"
+    t.string "remember_token", null: false
+    t.string "session_token", null: false
+    t.string "password_digest", null: false
+    t.datetime "confirmed_at", precision: 6
     t.datetime "created_at", precision: 6, null: false
     t.datetime "updated_at", precision: 6, null: false
-    t.string "display_name"
     t.index ["email"], name: "index_users_on_email", unique: true
-    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
+    t.index ["remember_token"], name: "index_users_on_remember_token", unique: true
+    t.index ["session_token"], name: "index_users_on_session_token", unique: true
   end
 
 end

test/controllers/confirmations_controller_test.rb

@@ -0,0 +1,7 @@
+require "test_helper"
+
+class ConfirmationsControllerTest < ActionDispatch::IntegrationTest
+  # test "the truth" do
+  #   assert true
+  # end
+end

test/controllers/pages_controller_test.rb

@@ -1,8 +0,0 @@
-require "test_helper"
-
-class PagesControllerTest < ActionDispatch::IntegrationTest
-  test "should get home" do
-    get pages_home_url
-    assert_response :success
-  end
-end

test/controllers/passwords_controller_test.rb

@@ -0,0 +1,7 @@
+require "test_helper"
+
+class PasswordsControllerTest < ActionDispatch::IntegrationTest
+  # test "the truth" do
+  #   assert true
+  # end
+end

test/controllers/sessions_controller_test.rb

@@ -0,0 +1,7 @@
+require "test_helper"
+
+class SessionsControllerTest < ActionDispatch::IntegrationTest
+  # test "the truth" do
+  #   assert true
+  # end
+end

test/controllers/static_pages_controller_test.rb

@@ -0,0 +1,8 @@
+require "test_helper"
+
+class StaticPagesControllerTest < ActionDispatch::IntegrationTest
+  test "should get home" do
+    get static_pages_home_url
+    assert_response :success
+  end
+end

test/mailers/previews/user_mailer_preview.rb

@@ -0,0 +1,4 @@
+# Preview all emails at http://localhost:3000/rails/mailers/user_mailer
+class UserMailerPreview < ActionMailer::Preview
+
+end

test/mailers/user_mailer_test.rb

@@ -0,0 +1,7 @@
+require "test_helper"
+
+class UserMailerTest < ActionMailer::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end