Basic login

app/controllers/application_controller.rb

   protect_from_forgery with: :exception
   rescue_from ActionController::InvalidAuthenticityToken, with: :invalid_auth_token
 
+  include AuthenticationHelper
+
   private
   def invalid_auth_token
     render text: "You submitted an invalid request! If you got here after clicking a link, it's possible that someone is doing something nasty!", status: 400

app/controllers/authentication_controller.rb

       u = User.find_by(email: params[:session][:email])
 
       if u && u.authenticate(params[:session][:password])
-        # TODO Login logic here
+        log_in(u, params[:session][:remember_me].to_i)
+
         flash[:success] = "Hello, #{u.person.full_name}!"
       else
         flash[:danger] = "Invalid username/password combination!"
     render layout: 'void'
   end
 
+  def login_status
+    render text: is_logged_in?
+  end
+
   def create_password
     flash[:danger] = "Not yet implemented."
     redirect_to action: 'login'
     flash[:danger] = "Not yet implemented."
     redirect_to action: 'login'
   end
+
+  private
+  def session_params
+    params.require(:session).permit(:email, :password, :remember_me)
+  end
 end

app/helpers/authentication_helper.rb

 module AuthenticationHelper
+  def log_in(user, remember, new=true)
+    reset_session
+
+    expiry = 6.hours.since
+    session[:user_id] = user.id
+    session[:expires] = expiry
+
+    if new
+      if remember == 1
+        token = Session.new_token
+        cookies.signed.permanent[:remember_token] = token
+        cookies.signed.permanent[:user_id] = user.id
+      else
+        token = nil
+      end
+      s = Session.create!(
+        user: user,
+        ip: request.remote_ip,
+        expires: expiry,
+        remember_digest: token ? Session.digest(token) : nil
+      )
+      if remember
+        cookies.signed.permanent[:session_id] = s.id
+      end
+    end
+  end
+
+  def is_logged_in?
+    # Case 1: User has an active session inside the cookie.
+    # We verify that the session hasn't expired yet.
+    if session[:user_id] && session[:expires].to_time > DateTime.now
+
+      return true
+
+    else
+      # Case 2: User is returning and has a remember token saved.
+      # We get the Session, check the token and expiry, and log the user in.
+      if cookies.signed.permanent[:remember_token] && cookies.signed.permanent[:user_id] &&
+          cookies.signed.permanent[:session_id]
+
+        s = Session.find_by(
+          id: cookies.signed.permanent[:session_id]
+        )
+        if s.nil? || s.remember_digest.nil?
+          return false
+        end
+
+        session_password = BCrypt::Password.new s.remember_digest
+
+        if s.expires > DateTime.now && session_password == cookies.signed.permanent[:remember_token]
+          log_in s.user, false, false
+          return true
+        end
+
+      return false
+      end
+
+    return false
+
+    end
+  end
+
 end

app/models/session.rb

+class Session < ApplicationRecord
+  belongs_to :user
+
+  def Session.new_token
+    SecureRandom.urlsafe_base64
+  end
+
+  def Session.digest(string)
+    cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
+                                                  BCrypt::Engine.cost
+    BCrypt::Password.create(string, cost: cost)
+  end
+end

config/routes.rb

   get  'forgot', to: 'authentication#forgotten_password_form'
   post 'forgot', to: 'authentication#forgotten_password'
 
+  get 'logintest', to: 'authentication#login_status'
+
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
 end

db/migrate/20161212211342_create_sessions.rb

+class CreateSessions < ActiveRecord::Migration[5.0]
+  def change
+    create_table :sessions do |t|
+      t.string :ip
+      t.datetime :expires
+      t.string :remember_digest, unique: true
+      t.references :user, foreign_key: true
+      t.boolean :active, default: true
+
+      t.timestamps
+    end
+  end
+end

db/schema.rb

 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20161208092632) do
+ActiveRecord::Schema.define(version: 20161212211342) do
 
   create_table "activities", force: :cascade do |t|
     t.string   "public_name"
     t.index ["email"], name: "index_people_on_email", unique: true
   end
 
+  create_table "sessions", force: :cascade do |t|
+    t.string   "ip"
+    t.datetime "expires"
+    t.string   "remember_digest"
+    t.integer  "user_id"
+    t.boolean  "active",          default: true
+    t.datetime "created_at",                     null: false
+    t.datetime "updated_at",                     null: false
+    t.index ["user_id"], name: "index_sessions_on_user_id"
+  end
+
   create_table "users", force: :cascade do |t|
     t.string   "email"
     t.string   "password_digest"

test/fixtures/sessions.yml

+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+one:
+  ip: MyString
+  expires: 2016-12-12 22:13:42
+  remember_digest: MyString
+  user: one
+  active: 
+
+two:
+  ip: MyString
+  expires: 2016-12-12 22:13:42
+  remember_digest: MyString
+  user: two
+  active: 

test/models/session_test.rb

+require 'test_helper'
+
+class SessionTest < ActiveSupport::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end