I'm learning Ruby on Rails and think I know enough to create an app I have in mind -- except for the user auth part. I'd like you to create a base app for me that handles all the user auth and user management features I need, and then I can take it over and build out the rest of my app from there.
Here are the auth features I need:
- Normal Devise-based signups and logins with email and password.
- OmniAuth-based signups and logins for Facebook, Google, and Twitter
- Devise options :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable, :confirmable, and :omniauthable
- Additional User field: name
- All signups should involve the user providing their name, even on an OmniAuth signup
- Users can edit their name, change their emails or passwords (if they signed up with an email and password), or add Facebook, Google, or Twitter logins to their account if they don't already have them. (I don't know if it's possible to allow a user to use more than one external auth service, but if it is, that would be cool to add.)
- If an external auth service doesn't provide the user's email, the app should ask for it during the signup process. (In addition to the user's name.)
- Any user-provided email, during signup or if the user changes it manually later, should be validated with an emailed link. (I'm assuming Devise does this automatically, but I just want to make sure it's in the spec.)
- All email entry should include a second field to confirm the email, and the submit should fail if they don't match. No checking of the email format will be needed, since we'll be validating them by actually sending a validation email.
- Users can log out
- Home (root) page of the app should have the following links: "Log in" and "Sign up" if the user is not logged in, and "edit profile" and "log out" if the user is logged in.
- "Log in" or "Sign up" should take the user to forms for doing each, and the forms should also offer the option of doing it via Facebook, Twitter, or Google.
- The "Log in" form should also have a link for users to click if they forgot their passwords. It should cause a reset link to be emailed to them.
- "Edit profile" should take the user to a form for editing their name or changing their password. This form should also show which, if any, of the external auth providers is being used for that user, and add external auth to their account if they don't currently have it. (Or, if it's possible and easy, to also add an additional auth provider to one they're already using. But again: only if this is easy.)
Here are some more general requirements:
- Use Ruby 2.5.1 and Rails 5.2
- Plain, unstyled, purely functional HTML for all screens and forms. (I'll style them myself as I build my app.)
- Minitest tests for everything (including integration tests)
Since external auth requires setup of various auth provider accounts and use of information like secret app keys from those accounts in the app code, and I'm guessing even the emailing of email validations and password reset links, etc., will require that somebody's SMTP server be used, I suggest the following development plan:
1. You use your own SMTP server and Facebook, Twitter, and Google accounts while the app is under development.
2. You place the app on the Internet somewhere so I can try it out.
3. When I'm satisfied it's working correctly, you deliver the source to me, but with all the secret keys and SMTP credentials and so forth deleted. (Or better, maybe all changed to 'xxx')
4. You also deliver to me a list of instructions for how to restore all those deleted strings with my own.
Please let me know if I seem to be misunderstanding anything, or if any requirements above are harder than they might seem, so that the job could be a lot cheaper if they were left out. And please ask about anything that doesn't seem clear, or if there seem to be important considerations I'm not addressing.
UPDATES based on discussion:
- In the item that begins "'Edit profile' should take the user to a form...", please delete/disregard everything after the first sentence. (Everything starting with "This form should also show...")
- If Devise/OmniAuth have an established, built-in way of dealing with attempts by the same user to sign up/log in through different OAuth providers, then let that default behavior happen. If they require you to write your own controller code in order to handle such cases, then try to make that code behave as we discussed.