From d41240eeb9e00899b98f9b22ed1a5fb5826b7f27 Mon Sep 17 00:00:00 2001
From: kangazoom <michellelcronin@gmail.com>
Date: Tue, 16 Oct 2018 11:58:26 -0700
Subject: [PATCH 01/12] it all started with oath

---
 .gitignore                              |  2 +
 Gemfile                                 |  4 ++
 Gemfile.lock                            | 28 ++++++++
 app/controllers/sessions_controller.rb  | 88 +++++++++++++++++++------
 app/models/user.rb                      | 14 ++++
 app/views/layouts/application.html.erb  |  7 +-
 config/initializers/omniauth.rb         |  3 +
 config/routes.rb                        | 12 +++-
 db/migrate/20181016180946_oath_stuff.rb | 12 ++++
 db/schema.rb                            | 38 ++++++-----
 10 files changed, 163 insertions(+), 45 deletions(-)
 create mode 100644 config/initializers/omniauth.rb
 create mode 100644 db/migrate/20181016180946_oath_stuff.rb

diff --git a/.gitignore b/.gitignore
index 48fb168f..5a111e4e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,5 @@
 
 # Ignore Byebug command history file.
 .byebug_history
+
+.env
diff --git a/Gemfile b/Gemfile
index 42f4bb2c..a81c670b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -62,7 +62,11 @@ group :development do
   # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
   gem 'spring'
   gem 'spring-watcher-listen', '~> 2.0.0'
+  gem 'dotenv-rails'
 end
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
 gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
+
+gem "omniauth"
+gem "omniauth-github"
diff --git a/Gemfile.lock b/Gemfile.lock
index 5b407e7e..f66ae74f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -70,11 +70,18 @@ GEM
     concurrent-ruby (1.0.5)
     crass (1.0.4)
     debug_inspector (0.0.3)
+    dotenv (2.5.0)
+    dotenv-rails (2.5.0)
+      dotenv (= 2.5.0)
+      railties (>= 3.2, < 6.0)
     erubi (1.7.1)
     execjs (2.7.0)
+    faraday (0.15.3)
+      multipart-post (>= 1.2, < 3)
     ffi (1.9.25)
     globalid (0.4.1)
       activesupport (>= 4.2.0)
+    hashie (3.5.7)
     i18n (1.1.0)
       concurrent-ruby (~> 1.0)
     jbuilder (2.7.0)
@@ -84,6 +91,7 @@ GEM
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
+    jwt (2.1.0)
     listen (3.0.8)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -113,9 +121,26 @@ GEM
       minitest (~> 5.0)
       rails (>= 4.1)
     multi_json (1.13.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
     nio4r (2.3.1)
     nokogiri (1.8.4)
       mini_portile2 (~> 2.3.0)
+    oauth2 (1.4.1)
+      faraday (>= 0.8, < 0.16.0)
+      jwt (>= 1.0, < 3.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.8.1)
+      hashie (>= 3.4.6, < 3.6.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-github (1.3.0)
+      omniauth (~> 1.5)
+      omniauth-oauth2 (>= 1.4.0, < 2.0)
+    omniauth-oauth2 (1.5.0)
+      oauth2 (~> 1.1)
+      omniauth (~> 1.2)
     pg (0.21.0)
     popper_js (1.14.3)
     pry (0.11.3)
@@ -207,6 +232,7 @@ DEPENDENCIES
   bootstrap (~> 4.1.3)
   byebug
   coffee-rails (~> 4.2)
+  dotenv-rails
   jbuilder (~> 2.5)
   jquery-rails
   listen (~> 3.0.5)
@@ -214,6 +240,8 @@ DEPENDENCIES
   minitest-reporters
   minitest-skip
   minitest-spec-rails
+  omniauth
+  omniauth-github
   pg (~> 0.18)
   pry-rails
   puma (~> 3.0)
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 5bce99e6..5bb3cee1 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,34 +1,80 @@
 class SessionsController < ApplicationController
-  def login_form
-  end
 
-  def login
-    username = params[:username]
-    if username and user = User.find_by(username: username)
-      session[:user_id] = user.id
-      flash[:status] = :success
-      flash[:result_text] = "Successfully logged in as existing user #{user.username}"
+  def create
+    auth_hash = request.env['omniauth.auth']
+
+    user = User.find_by(uid: auth_hash[:uid], provider: 'github')
+    if user
+      # User was found in the database
+      puts "Found user"
+      flash[:success] = "Logged in as returning user #{user.name}"
+
     else
-      user = User.new(username: username)
+      # User doesn't match anything in the DB
+      # Attempt to create a new user
+      puts "Creating user"
+      user = User.build_from_github(auth_hash)
+
       if user.save
-        session[:user_id] = user.id
-        flash[:status] = :success
-        flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}"
+        flash[:success] = "Logged in as new user #{user.name}"
+
       else
-        flash.now[:status] = :failure
-        flash.now[:result_text] = "Could not log in"
-        flash.now[:messages] = user.errors.messages
-        render "login_form", status: :bad_request
+        # Couldn't save the user for some reason. If we
+        # hit this it probably means there's a bug with the
+        # way we've configured GitHub. Our strategy will
+        # be to display error messages to make future
+        # debugging easier.
+        flash[:status] = "failure"
+        flash[:result_text] = "Could not create user"
+        flash[:messages] = user.errors.messages
+        redirect_to root_path
         return
       end
     end
+
+    # If we get here, we have a valid user instance
+    puts "setting session"
+    session[:user_id] = user.id
     redirect_to root_path
   end
 
-  def logout
-    session[:user_id] = nil
-    flash[:status] = :success
-    flash[:result_text] = "Successfully logged out"
-    redirect_to root_path
+  def login_form
   end
+
+  # def login
+  #   username = params[:username]
+  #   if username and user = User.find_by(username: username)
+  #     session[:user_id] = user.id
+  #     flash[:status] = :success
+  #     flash[:result_text] = "Successfully logged in as existing user #{user.username}"
+  #   else
+  #     user = User.new(username: username)
+  #     if user.save
+  #       session[:user_id] = user.id
+  #       flash[:status] = :success
+  #       flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}"
+  #     else
+  #       flash.now[:status] = :failure
+  #       flash.now[:result_text] = "Could not log in"
+  #       flash.now[:messages] = user.errors.messages
+  #       render "login_form", status: :bad_request
+  #       return
+  #     end
+  #   end
+  #   redirect_to root_path
+  # end
+  #
+  # def logout
+  #   session[:user_id] = nil
+  #   flash[:status] = :success
+  #   flash[:result_text] = "Successfully logged out"
+  #   redirect_to root_path
+  # end
+
+  def destroy
+  session[:user_id] = nil
+  flash[:success] = "Successfully logged out!"
+
+  redirect_to root_path
+end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 4cac8fe0..14795f86 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -3,4 +3,18 @@ class User < ApplicationRecord
   has_many :ranked_works, through: :votes, source: :work
 
   validates :username, uniqueness: true, presence: true
+
+  def self.build_from_github(auth_hash)
+    user = User.new
+    user.uid = auth_hash[:uid]
+    user.provider = 'github'
+    user.name = auth_hash['info']['name']
+    user.email = auth_hash['info']['email']
+    user.username = auth_hash['info']['nickname']
+
+
+    # Note that the user has not been saved
+    return user
+
+  end
 end
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index e7b07ce4..037bf113 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -33,19 +33,19 @@
         </li>
       </ul>
       <ul class="nav app-header__user-nav-container">
-        <% if @login_user %>
+        <% if session[:user_id] %>
 
         <li class="nav-item app-header__nav_item">
           <%= link_to "Logged in as #{@login_user.username}", user_path(@login_user), class: "btn btn-primary" %>
         </li>
         <li class="nav-item app-header__nav_item">
-          <%= link_to "Log Out", logout_path, method: :post, class: "btn btn-primary" %>
+          <%= link_to "Log out", logout_path, class: "btn btn-primary", method: :delete %>
         </li>
 
         <% else %>
 
         <li class="nav-item app-header__nav_item">
-          <%= link_to "Log In", login_path, class: "btn btn-primary" %>
+          <%= link_to "Login with Github", "/auth/github", class: "btn btn-primary" %>
         </li>
         <% end %>
 
@@ -69,7 +69,6 @@
       </div>
     </section>
   <% end %>
-
   <main>
     <%= yield %>
   </main>
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
new file mode 100644
index 00000000..fd441612
--- /dev/null
+++ b/config/initializers/omniauth.rb
@@ -0,0 +1,3 @@
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :github, ENV["GITHUB_CLIENT_ID"], ENV["GITHUB_CLIENT_SECRET"], scope: "user:email"
+end
diff --git a/config/routes.rb b/config/routes.rb
index a7e8af1d..e914f943 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,12 +1,18 @@
 Rails.application.routes.draw do
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
   root 'works#root'
-  get '/login', to: 'sessions#login_form', as: 'login'
-  post '/login', to: 'sessions#login'
-  post '/logout', to: 'sessions#logout', as: 'logout'
+  # get '/login', to: 'sessions#login_form', as: 'login'
+  # post '/login', to: 'sessions#login'
+  # post '/logout', to: 'sessions#logout', as: 'logout'
 
   resources :works
   post '/works/:id/upvote', to: 'works#upvote', as: 'upvote'
 
   resources :users, only: [:index, :show]
+
+  #oath stuff
+  get "/auth/:provider/callback", to: "sessions#create"
+  delete "/logout", to: "sessions#destroy", as: "logout"
+
+
 end
diff --git a/db/migrate/20181016180946_oath_stuff.rb b/db/migrate/20181016180946_oath_stuff.rb
new file mode 100644
index 00000000..0d106566
--- /dev/null
+++ b/db/migrate/20181016180946_oath_stuff.rb
@@ -0,0 +1,12 @@
+class OathStuff < ActiveRecord::Migration[5.2]
+  def change
+    change_table :users do |t|
+      t.string :name
+      t.string :email
+      t.integer :uid, null: false # this is the identifier provided by GitHub
+      t.string :provider, null: false # this tells us who provided the identifier
+
+      # t.timestamps
+    end
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 6bc8ba5c..b3507546 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,35 +10,39 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20170407164321) do
+ActiveRecord::Schema.define(version: 2018_10_16_180946) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
-  create_table "users", force: :cascade do |t|
-    t.string   "username"
+  create_table "users", id: :serial, force: :cascade do |t|
+    t.string "username"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.string "name"
+    t.string "email"
+    t.integer "uid", null: false
+    t.string "provider", null: false
   end
 
-  create_table "votes", force: :cascade do |t|
-    t.integer  "user_id"
-    t.integer  "work_id"
+  create_table "votes", id: :serial, force: :cascade do |t|
+    t.integer "user_id"
+    t.integer "work_id"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
-    t.index ["user_id"], name: "index_votes_on_user_id", using: :btree
-    t.index ["work_id"], name: "index_votes_on_work_id", using: :btree
+    t.index ["user_id"], name: "index_votes_on_user_id"
+    t.index ["work_id"], name: "index_votes_on_work_id"
   end
 
-  create_table "works", force: :cascade do |t|
-    t.string   "title"
-    t.string   "creator"
-    t.string   "description"
-    t.string   "category"
-    t.datetime "created_at",                   null: false
-    t.datetime "updated_at",                   null: false
-    t.integer  "vote_count",       default: 0
-    t.integer  "publication_year"
+  create_table "works", id: :serial, force: :cascade do |t|
+    t.string "title"
+    t.string "creator"
+    t.string "description"
+    t.string "category"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.integer "vote_count", default: 0
+    t.integer "publication_year"
   end
 
   add_foreign_key "votes", "users"

From 7720354817a30ae5136e3aeca2771af2b628ba10 Mon Sep 17 00:00:00 2001
From: kangazoom <michellelcronin@gmail.com>
Date: Tue, 16 Oct 2018 21:26:14 -0700
Subject: [PATCH 02/12] left some notes for todos and refactors of the future

---
 app/controllers/sessions_controller.rb | 15 +++++++++------
 app/models/user.rb                     |  1 +
 config/routes.rb                       |  1 +
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 5bb3cee1..42b26339 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -6,17 +6,19 @@ def create
     user = User.find_by(uid: auth_hash[:uid], provider: 'github')
     if user
       # User was found in the database
-      puts "Found user"
-      flash[:success] = "Logged in as returning user #{user.name}"
+      flash[:status] = "success"
+      flash[:result_text] = "Logged in as existing user #{user.username}"
+      flash[:messages] = user.errors.messages
 
     else
       # User doesn't match anything in the DB
       # Attempt to create a new user
-      puts "Creating user"
       user = User.build_from_github(auth_hash)
 
       if user.save
-        flash[:success] = "Logged in as new user #{user.name}"
+        flash[:status] = "success"
+        flash[:result_text] = "Logged in as #{user.username}"
+        flash[:messages] = user.errors.messages
 
       else
         # Couldn't save the user for some reason. If we
@@ -33,7 +35,6 @@ def create
     end
 
     # If we get here, we have a valid user instance
-    puts "setting session"
     session[:user_id] = user.id
     redirect_to root_path
   end
@@ -73,7 +74,9 @@ def login_form
 
   def destroy
   session[:user_id] = nil
-  flash[:success] = "Successfully logged out!"
+  flash[:status] = "success"
+  flash[:result_text] = "Successfully logged out"
+  # flash[:messages] = user.errors.messages
 
   redirect_to root_path
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 14795f86..4fb7b6b2 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -11,6 +11,7 @@ def self.build_from_github(auth_hash)
     user.name = auth_hash['info']['name']
     user.email = auth_hash['info']['email']
     user.username = auth_hash['info']['nickname']
+  #TODO: ADD PROVIDER TO DB
 
 
     # Note that the user has not been saved
diff --git a/config/routes.rb b/config/routes.rb
index e914f943..5c7c963e 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -11,6 +11,7 @@
   resources :users, only: [:index, :show]
 
   #oath stuff
+  # TODO: add view helper?? need login path + add to view
   get "/auth/:provider/callback", to: "sessions#create"
   delete "/logout", to: "sessions#destroy", as: "logout"
 

From 2fc6c35eb02fd014c756e6d5adb9e727fc10603a Mon Sep 17 00:00:00 2001
From: kangazoom <michellelcronin@gmail.com>
Date: Sun, 28 Oct 2018 00:22:02 -0700
Subject: [PATCH 03/12] added oath info for users yaml

---
 app/controllers/works_controller.rb       |  2 +-
 test/controllers/works_controller_test.rb | 25 ++++++++++++++++++++---
 test/fixtures/users.yml                   |  6 ++++++
 3 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/app/controllers/works_controller.rb b/app/controllers/works_controller.rb
index 2020bee4..6084055c 100644
--- a/app/controllers/works_controller.rb
+++ b/app/controllers/works_controller.rb
@@ -50,7 +50,7 @@ def update
       flash.now[:status] = :failure
       flash.now[:result_text] = "Could not update #{@media_category.singularize}"
       flash.now[:messages] = @work.errors.messages
-      render :edit, status: :not_found
+      render :edit, status: :bad_request
     end
   end
 
diff --git a/test/controllers/works_controller_test.rb b/test/controllers/works_controller_test.rb
index 0945ca47..0a71c640 100644
--- a/test/controllers/works_controller_test.rb
+++ b/test/controllers/works_controller_test.rb
@@ -2,18 +2,31 @@
 
 describe WorksController do
   describe "root" do
+    let(:kari) {users(:kari)}
     it "succeeds with all media types" do
       # Precondition: there is at least one media of each category
-
+      get root_path
+      must_respond_with :success
     end
 
     it "succeeds with one media type absent" do
       # Precondition: there is at least one media in two of the categories
+      work = works(:movie)
+      work.delete
 
+      get root_path
+      must_respond_with :success
     end
 
     it "succeeds with no media" do
+      works(:album).destry
+      works(:another_album).destroy
+      works(:poodr).destroy
+      works(:movie).destroy
 
+      Work.all.count.must_equal 0
+      get root_path
+      must_respond_with :success
     end
   end
 
@@ -22,17 +35,23 @@
 
   describe "index" do
     it "succeeds when there are works" do
-
+      get works_path
+      must_respond_with :success
     end
 
     it "succeeds when there are no works" do
+      Work.all.each {|work| work.destory}
 
+      Work.all.count.must_equal 0
+      get root_path
+      must_respond_with :success
     end
   end
 
   describe "new" do
     it "succeeds" do
-
+      get new_work_path
+      must_respond_with :success
     end
   end
 
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
index e2968d78..490cb252 100644
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -2,6 +2,12 @@
 
 dan:
   username: dan
+  uid: 123
+  provider: google
+  email: dan@dan.com
 
 kari:
   username: kari
+  uid: 321
+  provider: google
+  email: kari@kari.com

From 670769bab65c8739f68fb1a78486749c8f35807f Mon Sep 17 00:00:00 2001
From: kangazoom <michellelcronin@gmail.com>
Date: Sun, 28 Oct 2018 23:04:12 -0700
Subject: [PATCH 04/12] set up login info for tests and started create works
 tests

---
 config/routes.rb                          |   9 +-
 test/controllers/works_controller_test.rb | 175 ++++++++++++----------
 test/fixtures/users.yml                   |   4 +-
 test/test_helper.rb                       |  21 +++
 4 files changed, 130 insertions(+), 79 deletions(-)

diff --git a/config/routes.rb b/config/routes.rb
index 5c7c963e..3ca6cd38 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,5 +1,10 @@
 Rails.application.routes.draw do
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
+  get "/auth/:provider/callback", to: "sessions#create", as: 'auth_callback'
+  # get '/auth/github', as: 'github_login'
+  delete "/logout", to: "sessions#destroy", as: "logout"
+
+
   root 'works#root'
   # get '/login', to: 'sessions#login_form', as: 'login'
   # post '/login', to: 'sessions#login'
@@ -12,8 +17,8 @@
 
   #oath stuff
   # TODO: add view helper?? need login path + add to view
-  get "/auth/:provider/callback", to: "sessions#create"
-  delete "/logout", to: "sessions#destroy", as: "logout"
+
+
 
 
 end
diff --git a/test/controllers/works_controller_test.rb b/test/controllers/works_controller_test.rb
index 0a71c640..173a0c4c 100644
--- a/test/controllers/works_controller_test.rb
+++ b/test/controllers/works_controller_test.rb
@@ -1,8 +1,22 @@
 require 'test_helper'
 
 describe WorksController do
+  CATEGORIES = %w(albums books movies)
+  INVALID_CATEGORIES = ["nope", "42", "", "  ", "albumstrailingtext"]
+
+  let(:kari) {users(:kari)}
+  let(:new_work_params) {{
+    work: {
+      title: 'rubber soul',
+      creator: 'the beatles',
+      description: 'classic tunes',
+      category: 'album',
+      publication_year: 1965
+    }
+  }}
+
+
   describe "root" do
-    let(:kari) {users(:kari)}
     it "succeeds with all media types" do
       # Precondition: there is at least one media of each category
       get root_path
@@ -19,7 +33,7 @@
     end
 
     it "succeeds with no media" do
-      works(:album).destry
+      works(:album).destroy
       works(:another_album).destroy
       works(:poodr).destroy
       works(:movie).destroy
@@ -30,9 +44,6 @@
     end
   end
 
-  CATEGORIES = %w(albums books movies)
-  INVALID_CATEGORIES = ["nope", "42", "", "  ", "albumstrailingtext"]
-
   describe "index" do
     it "succeeds when there are works" do
       get works_path
@@ -40,7 +51,7 @@
     end
 
     it "succeeds when there are no works" do
-      Work.all.each {|work| work.destory}
+      Work.all.each {|work| work.destroy}
 
       Work.all.count.must_equal 0
       get root_path
@@ -50,86 +61,100 @@
 
   describe "new" do
     it "succeeds" do
+      # log_user_in(kari)
       get new_work_path
       must_respond_with :success
     end
   end
 
   describe "create" do
-    it "creates a work with valid data for a real category" do
-
-    end
-
-    it "renders bad_request and does not update the DB for bogus data" do
-
-    end
-
-    it "renders 400 bad_request for bogus categories" do
-
-    end
-
-  end
-
-  describe "show" do
-    it "succeeds for an extant work ID" do
-
-    end
-
-    it "renders 404 not_found for a bogus work ID" do
-
-    end
-  end
-
-  describe "edit" do
-    it "succeeds for an extant work ID" do
-
-    end
+    # let(:log_in) {log_user_in(kari)}
 
-    it "renders 404 not_found for a bogus work ID" do
-
-    end
-  end
-
-  describe "update" do
-    it "succeeds for valid data and an extant work ID" do
-
-    end
-
-    it "renders bad_request for bogus data" do
-
-    end
-
-    it "renders 404 not_found for a bogus work ID" do
-
-    end
-  end
-
-  describe "destroy" do
-    it "succeeds for an extant work ID" do
-
-    end
-
-    it "renders 404 not_found and does not update the DB for a bogus work ID" do
-
-    end
-  end
-
-  describe "upvote" do
-
-    it "redirects to the work page if no user is logged in" do
-
-    end
-
-    it "redirects to the work page after the user has logged out" do
-
-    end
+    it "creates a work with valid data for a real category" do
+      log_user_in(kari)
 
-    it "succeeds for a logged-in user and a fresh user-vote pair" do
+      expect {
+        post works_path, params: new_work_params
+      }.must_change 'Work.count', 1
 
-    end
+      work = Work.find_by(title: 'rubber soul')
 
-    it "redirects to the work page if the user has already voted for that work" do
+      expect(flash[:status]).must_equal :success
 
+      must_respond_with :redirect
+      must_redirect_to work_path(work.id)
     end
+#
+#     it "renders bad_request and does not update the DB for bogus data" do
+#
+#     end
+#
+#     it "renders 400 bad_request for bogus categories" do
+#
+#     end
+#
   end
+#
+#   describe "show" do
+#     it "succeeds for an extant work ID" do
+#
+#     end
+#
+#     it "renders 404 not_found for a bogus work ID" do
+#
+#     end
+#   end
+#
+#   describe "edit" do
+#     it "succeeds for an extant work ID" do
+#
+#     end
+#
+#     it "renders 404 not_found for a bogus work ID" do
+#
+#     end
+#   end
+#
+#   describe "update" do
+#     it "succeeds for valid data and an extant work ID" do
+#
+#     end
+#
+#     it "renders bad_request for bogus data" do
+#
+#     end
+#
+#     it "renders 404 not_found for a bogus work ID" do
+#
+#     end
+#   end
+#
+#   describe "destroy" do
+#     it "succeeds for an extant work ID" do
+#
+#     end
+#
+#     it "renders 404 not_found and does not update the DB for a bogus work ID" do
+#
+#     end
+#   end
+#
+#   describe "upvote" do
+#
+#     it "redirects to the work page if no user is logged in" do
+#
+#     end
+#
+#     it "redirects to the work page after the user has logged out" do
+#
+#     end
+#
+#     it "succeeds for a logged-in user and a fresh user-vote pair" do
+#
+#     end
+#
+#     it "redirects to the work page if the user has already voted for that work" do
+#
+#     end
+#   end
 end
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
index 490cb252..1010177c 100644
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -3,11 +3,11 @@
 dan:
   username: dan
   uid: 123
-  provider: google
+  provider: github
   email: dan@dan.com
 
 kari:
   username: kari
   uid: 321
-  provider: google
+  provider: github
   email: kari@kari.com
diff --git a/test/test_helper.rb b/test/test_helper.rb
index 5b4fb667..b90a098f 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -23,4 +23,25 @@ class ActiveSupport::TestCase
   # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order.
   fixtures :all
   # Add more helper methods to be used by all tests here...
+
+  def setup
+    OmniAuth.config.test_mode = true
+  end
+
+  def mock_auth_hash(user)
+    return {
+      provider: user.provider,
+      uid: user.uid,
+      info: {
+        email: user.email,
+        username: user.username
+      }
+    }
+  end
+
+  def log_user_in(user)
+    OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(mock_auth_hash(user))
+
+    get auth_callback_path(:github)
+  end
 end

From c6f8aa536eda98e60fbcbaae0b194707d41b792d Mon Sep 17 00:00:00 2001
From: kangazoom <michellelcronin@gmail.com>
Date: Mon, 29 Oct 2018 00:29:47 -0700
Subject: [PATCH 05/12] bad data for works controller tests

---
 test/controllers/works_controller_test.rb | 41 ++++++++++++++++++-----
 1 file changed, 32 insertions(+), 9 deletions(-)

diff --git a/test/controllers/works_controller_test.rb b/test/controllers/works_controller_test.rb
index 173a0c4c..af5a63f0 100644
--- a/test/controllers/works_controller_test.rb
+++ b/test/controllers/works_controller_test.rb
@@ -61,7 +61,8 @@
 
   describe "new" do
     it "succeeds" do
-      # log_user_in(kari)
+      log_user_in(kari)
+
       get new_work_path
       must_respond_with :success
     end
@@ -85,14 +86,36 @@
       must_redirect_to work_path(work.id)
     end
 #
-#     it "renders bad_request and does not update the DB for bogus data" do
-#
-#     end
-#
-#     it "renders 400 bad_request for bogus categories" do
-#
-#     end
-#
+    it "renders bad_request and does not update the DB for bogus data" do
+      log_user_in(kari)
+
+      new_work_params[:work][:title] = nil
+
+      expect {
+        post works_path, params: new_work_params
+      }.wont_change 'Work.count'
+
+      expect(flash[:status]).must_equal :failure
+
+      must_respond_with :bad_request
+    end
+
+    it "renders 400 bad_request for bogus categories" do
+      log_user_in(kari)
+
+      INVALID_CATEGORIES.each do |category|
+        new_work_params[:work][:category] = category
+
+        expect {
+          post works_path, params: new_work_params
+        }.wont_change 'Work.count'
+
+        expect(flash[:status]).must_equal :failure
+
+        must_respond_with :bad_request
+      end
+    end
+
   end
 #
 #   describe "show" do

From 0b487b4ff03172d141be64cfa903fc6a5685275a Mon Sep 17 00:00:00 2001
From: kangazoom <michellelcronin@gmail.com>
Date: Mon, 29 Oct 2018 01:25:13 -0700
Subject: [PATCH 06/12] tests for updates in works controller

---
 test/controllers/works_controller_test.rb | 301 ++++++++++++----------
 1 file changed, 169 insertions(+), 132 deletions(-)

diff --git a/test/controllers/works_controller_test.rb b/test/controllers/works_controller_test.rb
index af5a63f0..7775fe4b 100644
--- a/test/controllers/works_controller_test.rb
+++ b/test/controllers/works_controller_test.rb
@@ -13,171 +13,208 @@
       category: 'album',
       publication_year: 1965
     }
-  }}
+    }}
 
 
-  describe "root" do
-    it "succeeds with all media types" do
-      # Precondition: there is at least one media of each category
-      get root_path
-      must_respond_with :success
-    end
+    describe "root" do
+      it "succeeds with all media types" do
+        # Precondition: there is at least one media of each category
+        get root_path
+        must_respond_with :success
+      end
 
-    it "succeeds with one media type absent" do
-      # Precondition: there is at least one media in two of the categories
-      work = works(:movie)
-      work.delete
+      it "succeeds with one media type absent" do
+        # Precondition: there is at least one media in two of the categories
+        work = works(:movie)
+        work.delete
 
-      get root_path
-      must_respond_with :success
-    end
+        get root_path
+        must_respond_with :success
+      end
 
-    it "succeeds with no media" do
-      works(:album).destroy
-      works(:another_album).destroy
-      works(:poodr).destroy
-      works(:movie).destroy
+      it "succeeds with no media" do
+        works(:album).destroy
+        works(:another_album).destroy
+        works(:poodr).destroy
+        works(:movie).destroy
 
-      Work.all.count.must_equal 0
-      get root_path
-      must_respond_with :success
+        Work.all.count.must_equal 0
+        get root_path
+        must_respond_with :success
+      end
     end
-  end
 
-  describe "index" do
-    it "succeeds when there are works" do
-      get works_path
-      must_respond_with :success
-    end
+    describe "index" do
+      it "succeeds when there are works" do
+        get works_path
+        must_respond_with :success
+      end
 
-    it "succeeds when there are no works" do
-      Work.all.each {|work| work.destroy}
+      it "succeeds when there are no works" do
+        Work.all.each {|work| work.destroy}
 
-      Work.all.count.must_equal 0
-      get root_path
-      must_respond_with :success
+        Work.all.count.must_equal 0
+        get root_path
+        must_respond_with :success
+      end
     end
-  end
 
-  describe "new" do
-    it "succeeds" do
-      log_user_in(kari)
+    describe "new" do
+      it "succeeds" do
+        log_user_in(kari)
 
-      get new_work_path
-      must_respond_with :success
+        get new_work_path
+        must_respond_with :success
+      end
     end
-  end
 
-  describe "create" do
-    # let(:log_in) {log_user_in(kari)}
+    describe "create" do
+      # let(:log_in) {log_user_in(kari)}
+
+      it "creates a work with valid data for a real category" do
+        log_user_in(kari)
+
+        expect {
+          post works_path, params: new_work_params
+        }.must_change 'Work.count', 1
+
+        work = Work.find_by(title: 'rubber soul')
+
+        expect(flash[:status]).must_equal :success
+
+        must_respond_with :redirect
+        must_redirect_to work_path(work.id)
+      end
+      #
+      it "renders bad_request and does not update the DB for bogus data" do
+        log_user_in(kari)
+
+        new_work_params[:work][:title] = nil
+
+        expect {
+          post works_path, params: new_work_params
+        }.wont_change 'Work.count'
+
+        expect(flash[:status]).must_equal :failure
+
+        must_respond_with :bad_request
+      end
+
+      it "renders 400 bad_request for bogus categories" do
+        log_user_in(kari)
 
-    it "creates a work with valid data for a real category" do
-      log_user_in(kari)
+        INVALID_CATEGORIES.each do |category|
+          new_work_params[:work][:category] = category
 
-      expect {
-        post works_path, params: new_work_params
-      }.must_change 'Work.count', 1
+          expect {
+            post works_path, params: new_work_params
+          }.wont_change 'Work.count'
 
-      work = Work.find_by(title: 'rubber soul')
+          expect(flash[:status]).must_equal :failure
 
-      expect(flash[:status]).must_equal :success
+          must_respond_with :bad_request
+        end
+      end
 
-      must_respond_with :redirect
-      must_redirect_to work_path(work.id)
     end
-#
-    it "renders bad_request and does not update the DB for bogus data" do
-      log_user_in(kari)
 
-      new_work_params[:work][:title] = nil
+    describe "show" do
+      before do
+        log_user_in(kari)
+      end
 
-      expect {
-        post works_path, params: new_work_params
-      }.wont_change 'Work.count'
+      it "succeeds for an extant work ID" do
+        get work_path(works(:poodr).id)
+        must_respond_with :success
+      end
 
-      expect(flash[:status]).must_equal :failure
+      it "renders 404 not_found for a bogus work ID" do
+        get work_path(0)
+        must_respond_with 404
+      end
+    end
 
-      must_respond_with :bad_request
+    describe "edit" do
+      before do
+        log_user_in(kari)
+      end
+
+      it "succeeds for an extant work ID" do
+        get edit_work_path(works(:poodr).id)
+        must_respond_with :success
+      end
+
+      it "renders 404 not_found for a bogus work ID" do
+        get edit_work_path(0)
+        must_respond_with 404
+      end
     end
 
-    it "renders 400 bad_request for bogus categories" do
-      log_user_in(kari)
+    describe "update" do
+      before do
+        log_user_in(kari)
+      end
+
+      it "succeeds for valid data and an extant work ID" do
+        expect{
+          put work_path(works(:poodr).id), params: new_work_params
+        }.wont_change 'Work.count'
 
-      INVALID_CATEGORIES.each do |category|
-        new_work_params[:work][:category] = category
+        updated_work = Work.find_by(title: 'rubber soul')
+
+        expect(flash[:status]).must_equal :success
+
+        must_respond_with :redirect
+        must_redirect_to work_path(updated_work.id)
+
+        expect(updated_work.title).must_equal new_work_params[:work][:title]
+      end
+
+      it "renders bad_request for bogus data" do
+        new_work_params[:work][:title] = nil
 
         expect {
-          post works_path, params: new_work_params
+          put work_path(works(:poodr).id), params: new_work_params
         }.wont_change 'Work.count'
 
-        expect(flash[:status]).must_equal :failure
-
         must_respond_with :bad_request
       end
-    end
 
+      it "renders 404 not_found for a bogus work ID" do
+        expect {
+          put work_path(0), params: new_work_params
+        }.wont_change 'Work.count'
+
+        must_respond_with 404
+      end
+    end
+    #
+    #   describe "destroy" do
+    #     it "succeeds for an extant work ID" do
+    #
+    #     end
+    #
+    #     it "renders 404 not_found and does not update the DB for a bogus work ID" do
+    #
+    #     end
+    #   end
+    #
+    #   describe "upvote" do
+    #
+    #     it "redirects to the work page if no user is logged in" do
+    #
+    #     end
+    #
+    #     it "redirects to the work page after the user has logged out" do
+    #
+    #     end
+    #
+    #     it "succeeds for a logged-in user and a fresh user-vote pair" do
+    #
+    #     end
+    #
+    #     it "redirects to the work page if the user has already voted for that work" do
+    #
+    #     end
+    #   end
   end
-#
-#   describe "show" do
-#     it "succeeds for an extant work ID" do
-#
-#     end
-#
-#     it "renders 404 not_found for a bogus work ID" do
-#
-#     end
-#   end
-#
-#   describe "edit" do
-#     it "succeeds for an extant work ID" do
-#
-#     end
-#
-#     it "renders 404 not_found for a bogus work ID" do
-#
-#     end
-#   end
-#
-#   describe "update" do
-#     it "succeeds for valid data and an extant work ID" do
-#
-#     end
-#
-#     it "renders bad_request for bogus data" do
-#
-#     end
-#
-#     it "renders 404 not_found for a bogus work ID" do
-#
-#     end
-#   end
-#
-#   describe "destroy" do
-#     it "succeeds for an extant work ID" do
-#
-#     end
-#
-#     it "renders 404 not_found and does not update the DB for a bogus work ID" do
-#
-#     end
-#   end
-#
-#   describe "upvote" do
-#
-#     it "redirects to the work page if no user is logged in" do
-#
-#     end
-#
-#     it "redirects to the work page after the user has logged out" do
-#
-#     end
-#
-#     it "succeeds for a logged-in user and a fresh user-vote pair" do
-#
-#     end
-#
-#     it "redirects to the work page if the user has already voted for that work" do
-#
-#     end
-#   end
-end

From 34662f5934e6ca77909b12fdfb64ffee47d960d5 Mon Sep 17 00:00:00 2001
From: kangazoom <michellelcronin@gmail.com>
Date: Mon, 29 Oct 2018 03:11:41 -0700
Subject: [PATCH 07/12] controller tests for works destroy

---
 test/controllers/works_controller_test.rb | 76 ++++++++++++++---------
 1 file changed, 47 insertions(+), 29 deletions(-)

diff --git a/test/controllers/works_controller_test.rb b/test/controllers/works_controller_test.rb
index 7775fe4b..bc6d9fce 100644
--- a/test/controllers/works_controller_test.rb
+++ b/test/controllers/works_controller_test.rb
@@ -188,33 +188,51 @@
         must_respond_with 404
       end
     end
-    #
-    #   describe "destroy" do
-    #     it "succeeds for an extant work ID" do
-    #
-    #     end
-    #
-    #     it "renders 404 not_found and does not update the DB for a bogus work ID" do
-    #
-    #     end
-    #   end
-    #
-    #   describe "upvote" do
-    #
-    #     it "redirects to the work page if no user is logged in" do
-    #
-    #     end
-    #
-    #     it "redirects to the work page after the user has logged out" do
-    #
-    #     end
-    #
-    #     it "succeeds for a logged-in user and a fresh user-vote pair" do
-    #
-    #     end
-    #
-    #     it "redirects to the work page if the user has already voted for that work" do
-    #
-    #     end
-    #   end
+
+    describe "destroy" do
+      before do
+        log_user_in(kari)
+      end
+
+      it "succeeds for an extant work ID" do
+        expect {
+          delete work_path(works(:poodr).id)
+        }.must_change 'Work.count', -1
+
+        must_respond_with :redirect
+        must_redirect_to root_path
+
+        expect(flash[:status]).must_equal :success
+      end
+
+      it "renders 404 not_found and does not update the DB for a bogus work ID" do
+        expect {
+          delete work_path(0)
+        }.wont_change 'Work.count'
+
+        must_respond_with 404
+      end
+    end
+
+    describe "upvote" do
+      before do
+        log_user_in(kari)
+      end
+
+      it "redirects to the work page if no user is logged in" do
+        skip
+      end
+
+      it "redirects to the work page after the user has logged out" do
+        skip
+      end
+
+      it "succeeds for a logged-in user and a fresh user-vote pair" do
+        skip
+      end
+
+      it "redirects to the work page if the user has already voted for that work" do
+        skip
+      end
+    end
   end

From d43a4f43daf836b48dc426b7802281889ee98cf1 Mon Sep 17 00:00:00 2001
From: kangazoom <michellelcronin@gmail.com>
Date: Mon, 29 Oct 2018 03:51:46 -0700
Subject: [PATCH 08/12] upvote testing - works controller

---
 test/controllers/works_controller_test.rb | 76 ++++++++++++++++-------
 1 file changed, 55 insertions(+), 21 deletions(-)

diff --git a/test/controllers/works_controller_test.rb b/test/controllers/works_controller_test.rb
index bc6d9fce..bc3336ec 100644
--- a/test/controllers/works_controller_test.rb
+++ b/test/controllers/works_controller_test.rb
@@ -1,10 +1,12 @@
 require 'test_helper'
+# TODO: PRECONDITIONS?
 
 describe WorksController do
   CATEGORIES = %w(albums books movies)
   INVALID_CATEGORIES = ["nope", "42", "", "  ", "albumstrailingtext"]
 
   let(:kari) {users(:kari)}
+  let(:poodr) {works(:poodr)}
   let(:new_work_params) {{
     work: {
       title: 'rubber soul',
@@ -33,10 +35,7 @@
       end
 
       it "succeeds with no media" do
-        works(:album).destroy
-        works(:another_album).destroy
-        works(:poodr).destroy
-        works(:movie).destroy
+        Work.all.each { |work| work.destroy}
 
         Work.all.count.must_equal 0
         get root_path
@@ -60,9 +59,10 @@
     end
 
     describe "new" do
-      it "succeeds" do
+      before do
         log_user_in(kari)
-
+      end
+      it "succeeds" do
         get new_work_path
         must_respond_with :success
       end
@@ -72,8 +72,6 @@
       # let(:log_in) {log_user_in(kari)}
 
       it "creates a work with valid data for a real category" do
-        log_user_in(kari)
-
         expect {
           post works_path, params: new_work_params
         }.must_change 'Work.count', 1
@@ -87,8 +85,6 @@
       end
       #
       it "renders bad_request and does not update the DB for bogus data" do
-        log_user_in(kari)
-
         new_work_params[:work][:title] = nil
 
         expect {
@@ -101,8 +97,6 @@
       end
 
       it "renders 400 bad_request for bogus categories" do
-        log_user_in(kari)
-
         INVALID_CATEGORIES.each do |category|
           new_work_params[:work][:category] = category
 
@@ -124,7 +118,7 @@
       end
 
       it "succeeds for an extant work ID" do
-        get work_path(works(:poodr).id)
+        get work_path(poodr.id)
         must_respond_with :success
       end
 
@@ -140,7 +134,7 @@
       end
 
       it "succeeds for an extant work ID" do
-        get edit_work_path(works(:poodr).id)
+        get edit_work_path(poodr.id)
         must_respond_with :success
       end
 
@@ -157,7 +151,7 @@
 
       it "succeeds for valid data and an extant work ID" do
         expect{
-          put work_path(works(:poodr).id), params: new_work_params
+          put work_path(poodr.id), params: new_work_params
         }.wont_change 'Work.count'
 
         updated_work = Work.find_by(title: 'rubber soul')
@@ -174,7 +168,7 @@
         new_work_params[:work][:title] = nil
 
         expect {
-          put work_path(works(:poodr).id), params: new_work_params
+          put work_path(poodr.id), params: new_work_params
         }.wont_change 'Work.count'
 
         must_respond_with :bad_request
@@ -196,7 +190,7 @@
 
       it "succeeds for an extant work ID" do
         expect {
-          delete work_path(works(:poodr).id)
+          delete work_path(poodr.id)
         }.must_change 'Work.count', -1
 
         must_respond_with :redirect
@@ -220,19 +214,59 @@
       end
 
       it "redirects to the work page if no user is logged in" do
-        skip
+        get work_path(poodr.id)
+
+        delete logout_path
+        expect(session[:user_id]).must_be_nil
+
+        expect {
+          post upvote_path(poodr.id)
+        }.wont_change 'Vote.count'
+
+        must_respond_with :redirect
+        must_redirect_to work_path(poodr.id)
       end
 
       it "redirects to the work page after the user has logged out" do
-        skip
+        expect(session[:user_id]).must_equal kari.id
+
+        get work_path(poodr.id)
+
+        delete logout_path
+        expect(session[:user_id]).must_be_nil
+
+        expect {
+          post upvote_path(poodr.id)
+        }.wont_change 'Vote.count'
+
+        must_respond_with :redirect
+        must_redirect_to work_path(poodr.id)
       end
 
       it "succeeds for a logged-in user and a fresh user-vote pair" do
-        skip
+        expect(session[:user_id]).must_equal kari.id
+
+        expect {
+          post upvote_path(poodr.id)
+        }.must_change 'Vote.count', 1
+
+        must_respond_with :redirect
+        must_redirect_to work_path(poodr.id)
       end
 
       it "redirects to the work page if the user has already voted for that work" do
-        skip
+        expect(session[:user_id]).must_equal kari.id
+
+        expect {
+          post upvote_path(poodr.id)
+        }.must_change 'Vote.count', 1
+
+        expect {
+          post upvote_path(poodr.id)
+        }.wont_change 'Vote.count'
+
+        must_respond_with :redirect
+        must_redirect_to work_path(poodr.id)
       end
     end
   end

From 940a4c5362e48784afc95aa5e03ea7d12cafc8f8 Mon Sep 17 00:00:00 2001
From: kangazoom <michellelcronin@gmail.com>
Date: Mon, 29 Oct 2018 03:57:57 -0700
Subject: [PATCH 09/12] prepping for wave 3 (i started  w wave 2, woops)

---
 test/controllers/users_controller_test.rb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb
index d2c5cfbb..61fc40e1 100644
--- a/test/controllers/users_controller_test.rb
+++ b/test/controllers/users_controller_test.rb
@@ -1,5 +1,11 @@
 require 'test_helper'
 
 describe UsersController do
+  describe 'logged-in users' do
+    # wave 3
+  end
+
+  describe 'guests' do
+  end
 
 end

From f263ce0461974140ebaccaa1a68b58d5c34fb5df Mon Sep 17 00:00:00 2001
From: kangazoom <michellelcronin@gmail.com>
Date: Mon, 29 Oct 2018 15:24:00 -0700
Subject: [PATCH 10/12] dropped null false from users db since it was breaking
 tests

---
 db/migrate/20181029221142_remove_null_in_users.rb | 6 ++++++
 db/schema.rb                                      | 6 +++---
 2 files changed, 9 insertions(+), 3 deletions(-)
 create mode 100644 db/migrate/20181029221142_remove_null_in_users.rb

diff --git a/db/migrate/20181029221142_remove_null_in_users.rb b/db/migrate/20181029221142_remove_null_in_users.rb
new file mode 100644
index 00000000..40ea5783
--- /dev/null
+++ b/db/migrate/20181029221142_remove_null_in_users.rb
@@ -0,0 +1,6 @@
+class RemoveNullInUsers < ActiveRecord::Migration[5.2]
+  def change
+    change_column_null :users, :uid, true
+    change_column_null :users, :provider, true
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index b3507546..51271a73 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2018_10_16_180946) do
+ActiveRecord::Schema.define(version: 2018_10_29_221142) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -21,8 +21,8 @@
     t.datetime "updated_at", null: false
     t.string "name"
     t.string "email"
-    t.integer "uid", null: false
-    t.string "provider", null: false
+    t.integer "uid"
+    t.string "provider"
   end
 
   create_table "votes", id: :serial, force: :cascade do |t|

From 69d583979096e16d23791d453b3d9ead5a628ac3 Mon Sep 17 00:00:00 2001
From: kangazoom <michellelcronin@gmail.com>
Date: Mon, 29 Oct 2018 22:07:47 -0700
Subject: [PATCH 11/12] sessions controller tests pass

---
 app/controllers/sessions_controller.rb       |  2 +
 test/controllers/sessions_controller_test.rb | 41 ++++++++++++++++++++
 2 files changed, 43 insertions(+)

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 42b26339..e2510f6a 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,5 +1,7 @@
 class SessionsController < ApplicationController
 
+  skip_before_action :find_user, only: [:create]
+
   def create
     auth_hash = request.env['omniauth.auth']
 
diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb
index f641d15c..4d820c3a 100644
--- a/test/controllers/sessions_controller_test.rb
+++ b/test/controllers/sessions_controller_test.rb
@@ -1,5 +1,46 @@
 require "test_helper"
 
 describe SessionsController do
+  let(:kari) {users(:kari)}
+
+  describe 'auth_callback' do
+    it 'logs in an existing user and redirects to root' do
+      log_user_in(kari)
+
+      expect {
+        get auth_callback_path(:github)
+      }.wont_change 'User.count'
+
+      expect(session[:user_id]).must_equal kari.id
+      must_redirect_to root_path
+    end
+
+    it 'creates a new user and redirects to root' do
+
+      expect {
+        log_user_in(User.create(username: 'newy', email: 'new@new.com', uid: 1234, provider: 'github'))
+      }.must_change 'User.count', 1
+
+      must_redirect_to root_path
+    end
+
+    it 'does not allow user to login with bad data' do
+      expect{
+        log_user_in(User.create(username: nil, email: 'new@new.com', uid: 1234, provider: 'github'))
+      }.wont_change 'User.count'
+
+      expect(session[:user_id]).must_be_nil
+      must_redirect_to root_path
+    end
+  end
+
+  describe 'destroy' do
+    it 'ends session/logs out user' do
+      log_user_in(kari)
+
+      delete logout_path
+      expect(session[:user_id]).must_be_nil
+    end
+  end
 
 end

From e08d97d4e3ca6907489c36c395da4c6509c9bce2 Mon Sep 17 00:00:00 2001
From: kangazoom <michellelcronin@gmail.com>
Date: Mon, 29 Oct 2018 23:36:50 -0700
Subject: [PATCH 12/12] user controller tests pass

---
 app/controllers/application_controller.rb | 11 +++++-
 app/controllers/users_controller.rb       |  3 ++
 test/controllers/users_controller_test.rb | 45 ++++++++++++++++++++++-
 3 files changed, 57 insertions(+), 2 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c12c7c17..b06287b5 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,7 +1,7 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
 
-  before_action :find_user
+  before_action :find_user, except: [:root]
 
   def render_404
     # DPR: this will actually render a 404 page in production
@@ -14,4 +14,13 @@ def find_user
       @login_user = User.find_by(id: session[:user_id])
     end
   end
+
+  def must_login
+    if @login_user.nil?
+      flash[:status] = :failure
+      flash[:result_test] = 'You must log in to do that'
+
+      redirect_to root_path
+    end
+  end
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 73b42652..42a888b4 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,4 +1,7 @@
 class UsersController < ApplicationController
+
+  before_action :must_login
+
   def index
     @users = User.all
   end
diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb
index 61fc40e1..be391079 100644
--- a/test/controllers/users_controller_test.rb
+++ b/test/controllers/users_controller_test.rb
@@ -1,11 +1,54 @@
 require 'test_helper'
 
 describe UsersController do
+
   describe 'logged-in users' do
-    # wave 3
+    let(:kari) {users(:kari)}
+
+    describe 'index' do
+      before do
+        log_user_in(kari)
+      end
+
+      it 'succeeds for user' do
+        get users_path
+        must_respond_with :success
+      end
+    end
+
+    describe 'show' do
+      before do
+        log_user_in(kari)
+      end
+
+      it 'succeeds for user with existing id' do
+        get user_path(users(:kari).id)
+        must_respond_with :success
+      end
+
+      it 'renders 404 for bogus work' do
+        get user_path(0)
+        must_respond_with 404
+      end
+    end
   end
 
+  # oyyy can't get these to workkkkk
+
   describe 'guests' do
+    it 'cannot access users index' do
+      get users_path
+
+      must_respond_with :redirect #bad_request
+      must_redirect_to root_path
+    end
+
+    it 'cannot access user show' do
+      get user_path(users(:kari).id)
+
+      must_respond_with :redirect #404
+      must_redirect_to root_path
+    end
   end
 
 end