lato 0.1.0

data/app/models/lato/user.rb

@@ -0,0 +1,164 @@
+module Lato
+  class User < ApplicationRecord
+    has_secure_password
+
+    # Kredis
+    ##
+
+    kredis_boolean :email_verification_semaphore, expires_in: 2.minutes
+    kredis_string :email_verification_code, expires_in: 30.minutes
+    kredis_string :password_update_code, expires_in: 30.minutes
+
+    # Validations
+    ##
+
+    validates :first_name, presence: true
+    validates :last_name, presence: true
+    validates :email, presence: true, uniqueness: true
+    validates :accepted_privacy_policy_version, presence: true
+    validates :accepted_terms_and_conditions_version, presence: true
+
+    # Relations
+    ##
+
+    has_many :lato_operations, class_name: 'Lato::Operation', foreign_key: :lato_user_id, dependent: :nullify
+
+    # Hooks
+    ##
+
+    before_validation do
+      self.email = email&.downcase&.strip
+    end
+
+    before_save do
+      self.email_verified_at = nil if email_changed?
+      self.accepted_privacy_policy_version = Lato.config.legal_privacy_policy_version if accepted_privacy_policy_version_changed?
+      self.accepted_terms_and_conditions_version = Lato.config.legal_terms_and_conditions_version if accepted_terms_and_conditions_version_changed?
+    end
+
+    # Questions
+    ##
+
+    def valid_accepted_privacy_policy_version?
+      @valid_accepted_privacy_policy_version ||= accepted_privacy_policy_version >= Lato.config.legal_privacy_policy_version
+    end
+
+    def valid_accepted_terms_and_conditions_version?
+      @valid_accepted_terms_and_conditions_version ||= accepted_terms_and_conditions_version >= Lato.config.legal_privacy_policy_version
+    end
+
+    # Helpers
+    ##
+
+    def full_name
+      "#{last_name} #{first_name}"
+    end
+
+    # Operations
+    ##
+
+    def signin(params)
+      self.email = params[:email]
+
+      user = Lato::User.find_by(email: params[:email])
+      unless user
+        errors.add(:email, 'non valido')
+        return
+      end
+
+      unless user.authenticate(params[:password])
+        errors.add(:password, 'non valida')
+        return
+      end
+
+      self.id = user.id
+      reload
+
+      true
+    end
+
+    def request_verify_email
+      if email_verification_semaphore.value
+        errors.add(:base, 'Attendi almeno 2 minuti per provare un nuovo tentativo di verifica email')
+        return
+      end
+
+      code = SecureRandom.hex.upcase
+      delivery = Lato::UserMailer.email_verification_mail(id, code).deliver_now
+      unless delivery
+        errors.add(:base, 'Impossibile inviare mail')
+        return
+      end
+
+      email_verification_code.value = code
+      email_verification_semaphore.value = true
+
+      true
+    end
+
+    def verify_email(params)
+      unless email_verification_code.value
+        errors.add(:base, 'Il codice di verifica email risulta scaduto')
+        return
+      end
+
+      unless email_verification_code.value == params[:code]
+        errors.add(:base, 'Il codice di verifica email non risulta valido')
+        return
+      end
+
+      email_verification_code.value = nil
+      email_verification_semaphore.value = nil
+
+      update_column(:email_verified_at, Time.now)
+      true
+    end
+
+    def destroy_with_confirmation(params)
+      unless params[:email_confirmation] == email
+        errors.add(:email, 'non corretto')
+        return
+      end
+
+      destroy
+    end
+
+    def request_recover_password(params)
+      user = Lato::User.find_by(email: params[:email])
+      unless user
+        errors.add(:email, 'non registrato')
+        return
+      end
+
+      code = SecureRandom.hex.upcase
+      delivery = Lato::UserMailer.password_update_mail(user.id, code).deliver_now
+      unless delivery
+        errors.add(:base, 'Impossibile inviare mail')
+        return
+      end
+
+      self.id = user.id
+      reload
+
+      password_update_code.value = code
+
+      true
+    end
+
+    def update_password(params)
+      unless password_update_code.value
+        errors.add(:base, 'Il codice di verifica risulta scaduto')
+        return
+      end
+
+      unless password_update_code.value == params[:code]
+        errors.add(:base, 'Il codice di verifica non risulta valido')
+        return
+      end
+
+      password_update_code.value = nil
+
+      update(params.permit(:password, :password_confirmation))
+    end
+  end
+end

data/app/views/lato/account/_alert-accepted-privacy-policy-version.html.erb

@@ -0,0 +1,20 @@
+<%= turbo_frame_tag 'account_alert-accepted-privacy-policy-version' do %>
+  <% unless @session.user.valid_accepted_privacy_policy_version? %>
+    <div class="alert alert-info mb-4">
+      <h2 class="alert-heading">Aggiornamento privacy policy</h2>
+      <p>
+      Ciao <%= @session.user.first_name %>,<br>
+      Ti informiamo che è stato rilasciato un <b>aggiornamento della nostra privacy policy</b>.<br>
+      Per continuare a utilizzare <%= Lato.config.application_title %> è necessario prendere visione e accettare la nuova privacy policy.<br>
+      </p>
+      <%= form_with model: @session.user, url: lato.account_update_accepted_privacy_policy_version_action_path, data: { turbo_frame: '_self' } do |form| %>
+        <%= lato_form_errors @session.user, class: %w[mb-3] %>
+        <%= lato_form_item_input_check form, :accepted_privacy_policy_version, "Dichiaro di aver letto e accettato la <a href=#{Lato.config.legal_privacy_policy_url} target=_blank>privacy policy</a>.", checked: false, required: true %>
+
+        <div class="mt-3">
+          <%= lato_form_submit form, 'Conferma' %>
+        </div>
+      <% end %>
+    </div>
+  <% end %>
+<% end %>

data/app/views/lato/account/_alert-accepted-terms-and-conditions-version.html.erb

@@ -0,0 +1,20 @@
+<%= turbo_frame_tag 'account_alert-accepted-terms-and-conditions-version' do %>
+  <% unless @session.user.valid_accepted_terms_and_conditions_version? %>
+    <div class="alert alert-info mb-4">
+      <h2 class="alert-heading">Aggiornamento termini e condizioni</h2>
+      <p>
+      Ciao <%= @session.user.first_name %>,<br>
+      Ti informiamo che è stato rilasciato un <b>aggiornamento dei nostri termini e condizioni</b> di utilizzo.<br>
+      Per continuare a utilizzare <%= Lato.config.application_title %> è necessario prendere visione e accettare i nuovi termini.<br>
+      </p>
+      <%= form_with model: @session.user, url: lato.account_update_accepted_terms_and_conditions_version_action_path, data: { turbo_frame: '_self' } do |form| %>
+        <%= lato_form_errors @session.user, class: %w[mb-3] %>
+        <%= lato_form_item_input_check form, :accepted_terms_and_conditions_version, "Dichiaro di aver letto e accettato i <a href=#{Lato.config.legal_terms_and_conditions_url} target=_blank>termini e condizioni</a> di utilizzo.", checked: false, required: true %>
+
+        <div class="mt-3">
+          <%= lato_form_submit form, 'Conferma' %>
+        </div>
+      <% end %>
+    </div>
+  <% end %>
+<% end %>

data/app/views/lato/account/_form-destroy.html.erb

@@ -0,0 +1,21 @@
+<%
+
+user ||= Lato::User.new
+
+%>
+
+<%= turbo_frame_tag 'account_form-destroy' do %>
+  <%= form_with model: user, url: lato.account_destroy_action_path, method: :delete, data: { turbo_frame: '_self', controller: 'lato-form' } do |form| %>
+    <%= lato_form_notices class: %w[mb-3] %>
+    <%= lato_form_errors user, class: %w[mb-3] %>
+    
+    <div class="mb-3">
+      <%= lato_form_item_label form, :email_confirmation, 'Indirizzo email di registrazione' %>
+      <%= lato_form_item_input_email form, :email_confirmation, required: true %>
+    </div>
+
+    <div class="d-flex justify-content-end">
+      <%= lato_form_submit form, 'Elimina account', class: %w[btn-danger] %>
+    </div>
+  <% end %>
+<% end %>

data/app/views/lato/account/_form-password.html.erb

@@ -0,0 +1,28 @@
+<%
+
+user ||= Lato::User.new
+
+%>
+
+<%= turbo_frame_tag 'account_form-password' do %>
+  <%= form_with model: user, url: lato.account_update_password_action_path, data: { turbo_frame: '_self', controller: 'lato-form' } do |form| %>
+    <%= lato_form_notices class: %w[mb-3] %>
+    <%= lato_form_errors user, class: %w[mb-3] %>
+    
+    <div class="row">
+      <div class="col col-12 col-lg-6 mb-3">
+        <%= lato_form_item_label form, :password, 'Nuova password' %>
+        <%= lato_form_item_input_password form, :password, required: true %>
+      </div>
+
+      <div class="col col-12 col-lg-6 mb-3">
+        <%= lato_form_item_label form, :password_confirmation, 'Conferma nuova password' %>
+        <%= lato_form_item_input_password form, :password_confirmation, required: true %>
+      </div>
+    </div>
+
+    <div class="d-flex justify-content-end">
+      <%= lato_form_submit form, 'Aggiorna', class: %w[btn-success] %>
+    </div>
+  <% end %>
+<% end %>

data/app/views/lato/account/_form-user.html.erb

@@ -0,0 +1,40 @@
+<%
+
+user ||= Lato::User.new
+
+%>
+
+<%= turbo_frame_tag 'account_form-user' do %>
+  <%= form_with model: user, url: lato.account_update_user_action_path, data: { turbo_frame: '_self', controller: 'lato-form' } do |form| %>
+    <%= lato_form_notices class: %w[mb-3] %>
+    <%= lato_form_errors user, class: %w[mb-3] %>
+
+    <div class="row">
+      <div class="col col-12 col-lg-4 mb-3">
+        <%= lato_form_item_label form, :first_name %>
+        <%= lato_form_item_input_text form, :first_name, required: true %>
+      </div>
+
+      <div class="col col-12 col-lg-4 mb-3">
+        <%= lato_form_item_label form, :last_name %>
+        <%= lato_form_item_input_text form, :last_name, required: true %>
+      </div>
+
+      <div class="col col-12 col-lg-4 mb-3">
+        <%= lato_form_item_label form, :email %>
+        <div class="input-group mb-3">
+          <%= lato_form_item_input_email form, :email, required: true %>
+          <% if user.email_verified_at %>
+            <button class="btn btn-outline-success" style="pointer-events: none">Verificato</span>
+          <% else %>
+            <%= link_to 'Verifica email', account_request_verify_email_action_path, class: 'btn btn-warning', data: { turbo_method: :patch, turbo_frame: '_self' } %>
+          <% end %>
+        </div>
+      </div>
+    </div>
+
+    <div class="d-flex justify-content-end">
+      <%= lato_form_submit form, 'Aggiorna', class: %w[btn-success] %>
+    </div>
+  <% end %>
+<% end %>

data/app/views/lato/account/index.html.erb

@@ -0,0 +1,65 @@
+<%= lato_page_head 'Account' %>
+
+<%= render 'lato/account/alert-accepted-privacy-policy-version' %>
+<%= render 'lato/account/alert-accepted-terms-and-conditions-version' %>
+
+<div class="card mb-4">
+  <div class="card-header">
+    <h2 class="fs-4 mb-0">Informazioni account</h2>
+  </div>
+  <div class="card-body">
+    <%= render 'lato/account/form-user', user: @session.user %>
+  </div>
+</div>
+
+<% if false %>
+<div class="card mb-4">
+  <div class="card-header">
+    <h2 class="fs-4 mb-0">Dati di fatturazione</h2>
+  </div>
+  <div class="card-body">
+
+  </div>
+</div>
+<% end %>
+
+<div class="card mb-4">
+  <div class="card-header">
+    <h2 class="fs-4 mb-0">Aggiornamento password</h2>
+  </div>
+  <div class="card-body">
+    <%= render 'lato/account/form-password', user: @session.user %>
+  </div>
+</div>
+
+
+<% if false %>
+<div class="card mb-4">
+  <div class="card-header">
+    <h2 class="fs-4 mb-0">Chiavi API</h2>
+  </div>
+  <div class="card-body">
+    
+  </div>
+</div>
+<% end %>
+
+<div class="card mb-4">
+  <div class="card-header">
+    <h2 class="fs-4 mb-0">Cancellazione account</h2>
+  </div>
+  <div class="card-body">
+    <div class="alert alert-warning">
+      <h4 class="alert-heading">Attenzione</h4>
+      <p>
+        Cancellando il tuo account <b>saranno automaticamente eliminati definitivamente tutti i dati</b> ad esso associati.<br>
+        Confermando l'eliminazione non ci sarà più modo di recuperare le informazioni perse.
+      </p>
+      <p class="mb-0">
+        Digita il tuo indirizzo email di registrazione e premi "Elimina account" per procedere con l'operazione.
+      </p>
+    </div>
+
+    <%= render 'lato/account/form-destroy', user: @session.user %>
+  </div>
+</div>

data/app/views/lato/authentication/_form-recover-password.html.erb

@@ -0,0 +1,20 @@
+<%
+
+user ||= Lato::User.new
+
+%>
+
+<%= turbo_frame_tag 'authentication_form-recover-password' do %>
+  <%= form_with model: user, url: lato.authentication_recover_password_action_path, data: { turbo_frame: '_self', controller: 'lato-form' } do |form| %>
+    <%= lato_form_errors user, class: %w[mb-3] %>
+
+    <div class="mb-3">
+      <%= lato_form_item_label form, :email, 'Inserisci la tua email' %>
+      <%= lato_form_item_input_email form, :email, required: true %>
+    </div>
+
+    <div>
+      <%= lato_form_submit form, 'Prosegui', class: %w[d-block w-100] %>
+    </div>
+  <% end %>
+<% end %>

data/app/views/lato/authentication/_form-signin.html.erb

@@ -0,0 +1,31 @@
+<%
+
+user ||= Lato::User.new
+
+%>
+
+<%= turbo_frame_tag 'authentication_form-signin' do %>
+  <%= form_with model: user, url: lato.authentication_signin_action_path, data: { turbo_frame: '_self', controller: 'lato-form' } do |form| %>
+    <%= lato_form_notices class: %w[mb-3] %>
+    <%= lato_form_errors user, class: %w[mb-3] %>
+    
+    <div class="mb-3">
+      <%= lato_form_item_label form, :email, 'Email' %>
+      <%= lato_form_item_input_email form, :email, required: true %>
+    </div>
+
+    <div class="mb-3">
+      <%= lato_form_item_label form, :password, 'Password' %>
+      <%= lato_form_item_input_password form, :password, required: true %>
+    </div>
+
+    <div>
+      <%= lato_form_submit form, 'Accedi', class: %w[d-block w-100] %>
+    </div>
+    <% unless Lato.config.auth_disable_signup %>
+      <div class="text-center mt-3 mb-3">
+        oppure <%= link_to 'crea un account gratuito', lato.authentication_signup_path %>
+      </div>
+    <% end %>
+  <% end %>
+<% end %>

data/app/views/lato/authentication/_form-signup.html.erb

@@ -0,0 +1,47 @@
+<%
+
+user ||= Lato::User.new
+
+%>
+
+<%= turbo_frame_tag 'authentication_form-signup' do %>
+  <%= form_with model: user, url: lato.authentication_signup_action_path, data: { turbo_frame: '_self', controller: 'lato-form' } do |form| %>
+    <%= lato_form_errors user, class: %w[mb-3] %>
+    
+    <div class="row">
+      <div class="col col-12 col-md-6 mb-3">
+        <%= lato_form_item_label form, :first_name, 'Nome' %>
+        <%= lato_form_item_input_text form, :first_name, required: true %>
+      </div>
+
+      <div class="col col-12 col-md-6 mb-3">
+        <%= lato_form_item_label form, :last_name, 'Cognome' %>
+        <%= lato_form_item_input_text form, :last_name, required: true %>
+      </div>
+
+      <div class="col col-12 mb-3">
+        <%= lato_form_item_label form, :email, 'Email' %>
+        <%= lato_form_item_input_email form, :email, required: true %>
+      </div>
+
+      <div class="col col-12 col-md-6 mb-3">
+        <%= lato_form_item_label form, :password, 'Password' %>
+        <%= lato_form_item_input_password form, :password, required: true %>
+      </div>
+
+      <div class="col col-12 col-md-6 mb-3">
+        <%= lato_form_item_label form, :password_confirmation, 'Conferma password' %>
+        <%= lato_form_item_input_password form, :password_confirmation, required: true %>
+      </div>
+    </div>
+
+    <div class="mb-3 text-muted" style="font-size: 14px;">
+      <%= lato_form_item_input_check form, :accepted_privacy_policy_version, "Dichiaro di aver letto e accettato la <a href=#{Lato.config.legal_privacy_policy_url} target=_blank>privacy policy</a>.", required: true %>
+      <%= lato_form_item_input_check form, :accepted_terms_and_conditions_version, "Dichiaro di aver letto e accettato i <a href=#{Lato.config.legal_terms_and_conditions_url} target=_blank>termini e condizioni</a> di utilizzo.", required: true %>
+    </div>
+
+    <div class="d-flex justify-content-end">
+      <%= lato_form_submit form, 'Registrati' %>
+    </div>
+  <% end %>
+<% end %>

data/app/views/lato/authentication/_form-update-password.html.erb

@@ -0,0 +1,30 @@
+<%
+
+user ||= Lato::User.new
+
+%>
+
+<%= turbo_frame_tag 'authentication_form-update-password' do %>
+  <%= form_with model: user, url: lato.authentication_update_password_action_path(id: user.id), data: { turbo_frame: '_self', controller: 'lato-form' } do |form| %>
+    <%= lato_form_errors user, class: %w[mb-3] %>
+    
+    <div class="mb-3">
+      <%= lato_form_item_label form, :code, 'Codice ricevuto via email' %>
+      <%= lato_form_item_input_text form, :code, required: true %>
+    </div>
+
+    <div class="mb-3">
+      <%= lato_form_item_label form, :password, 'Nuova password' %>
+      <%= lato_form_item_input_password form, :password, required: true %>
+    </div>
+
+    <div class="mb-3">
+      <%= lato_form_item_label form, :password_confirmation, 'Conferma nuova password' %>
+      <%= lato_form_item_input_password form, :password_confirmation, required: true %>
+    </div>
+
+    <div class="d-flex justify-content-end">
+      <%= lato_form_submit form, 'Conferma' %>
+    </div>
+  <% end %>
+<% end %>

data/app/views/lato/authentication/_form-verify-email.html.erb

@@ -0,0 +1,22 @@
+<%
+
+user ||= Lato::User.new
+code ||= nil
+
+%>
+
+
+<%= turbo_frame_tag 'authentication_form_verify_email' do %>
+  <%= form_with model: user, url: lato.authentication_verify_email_action_path(id: user.id), class: 'text-center', data: { turbo_frame: '_self' } do |form| %>
+    <% if code %>
+      <%= form.hidden_field :code, value: code %>
+      <button type="submit" style="display: none;"></button>
+      <script>document.getElementById('authentication_form_verify_email').querySelector('button[type="submit"]').click()</script>
+    <% else %>
+      <%= lato_form_notices class: %w[mb-3], fixed: true %>
+      <%= lato_form_errors user, class: %w[mb-3], fixed: true %>
+
+      <%= link_to 'Torna all tuo account', lato.account_path, class: %w[btn btn-primary] %>
+    <% end %>
+  <% end %>
+<% end %>

data/app/views/lato/authentication/recover_password.html.erb

@@ -0,0 +1,13 @@
+<div class="w-100 h-100 d-flex justify-content-center align-items-center" style="min-height: calc(100vh - 54px - 2rem)">
+  <div class="card w-100" style="max-width: 400px">
+    <div class="card-header">
+      <h1 class="fs-3 mb-0 text-center">Recupero password</h1>
+    </div>
+    <div class="card-body">
+      <%= render 'lato/authentication/form-recover-password', user: @user %>
+    </div>
+    <div class="card-footer text-center">
+      <%= link_to 'Torna al login', lato.authentication_signin_path, class: 'text-muted' %>
+    </div>
+  </div>
+</div>

data/app/views/lato/authentication/signin.html.erb

@@ -0,0 +1,13 @@
+<div class="w-100 h-100 d-flex justify-content-center align-items-center" style="min-height: calc(100vh - 54px - 2rem)">
+  <div class="card w-100" style="max-width: 400px">
+    <div class="card-header">
+      <h1 class="fs-3 mb-0 text-center">Accedi</h1>
+    </div>
+    <div class="card-body">
+      <%= render 'lato/authentication/form-signin', user: @user %>
+    </div>
+    <div class="card-footer text-center">
+      <%= link_to 'Hai dimenticato la password?', lato.authentication_recover_password_path, class: 'text-muted' %>
+    </div>
+  </div>
+</div>

data/app/views/lato/authentication/signout.html.erb

@@ -0,0 +1,11 @@
+<div class="w-100 h-100 d-flex justify-content-center align-items-center" style="min-height: calc(100vh - 54px - 2rem)">
+  <div class="card w-100" style="max-width: 350px">
+    <div class="card-body text-center">
+      <p><%= @session.user.first_name %>, Sei sicuro di voler uscire dal tuo account?</p>
+      <div>
+        <%= link_to 'Annulla', lato.root_path, class: %w[btn btn-primary me-2] %>
+        <%= link_to 'Si, Esci', lato.authentication_signout_action_path, class: %w[btn btn-danger ms-2], data: { turbo_method: :delete } %>
+      </div>
+    </div>
+  </div>
+</div>

data/app/views/lato/authentication/signup.html.erb

@@ -0,0 +1,13 @@
+<div class="w-100 h-100 d-flex justify-content-center align-items-center" style="min-height: calc(100vh - 54px - 2rem)">
+  <div class="card w-100" style="max-width: 550px">
+    <div class="card-header">
+      <h1 class="fs-3 mb-0 text-center">Registrati</h1>
+    </div>
+    <div class="card-body">
+      <%= render 'lato/authentication/form-signup', user: @user %>
+    </div>
+    <div class="card-footer">
+      <%= link_to 'Hai già un account?', lato.authentication_signin_path, class: 'text-muted' %>
+    </div>
+  </div>
+</div>

data/app/views/lato/authentication/update_password.html.erb

@@ -0,0 +1,13 @@
+<div class="w-100 h-100 d-flex justify-content-center align-items-center" style="min-height: calc(100vh - 54px - 2rem)">
+  <div class="card w-100" style="max-width: 400px">
+    <div class="card-header">
+      <h1 class="fs-3 mb-0 text-center">Aggiornamento password</h1>
+    </div>
+    <div class="card-body">
+      <%= render 'lato/authentication/form-update-password', user: @user %>
+    </div>
+    <div class="card-footer text-center">
+      <%= link_to 'Torna al login', lato.authentication_signin_path, class: 'text-muted' %>
+    </div>
+  </div>
+</div>

data/app/views/lato/authentication/verify_email.html.erb

@@ -0,0 +1,7 @@
+<div class="w-100 h-100 d-flex justify-content-center align-items-center" style="min-height: calc(100vh - 54px - 2rem)">
+  <div class="card w-100" style="max-width: 350px">
+    <div class="card-body">
+      <%= render 'lato/authentication/form-verify-email', user: @user, code: @code %>
+    </div>
+  </div>
+</div>