{"id":598,"date":"2011-11-27T02:00:28","date_gmt":"2011-11-27T02:00:28","guid":{"rendered":"http:\/\/41j.com\/blog\/?p=598"},"modified":"2011-11-27T02:01:27","modified_gmt":"2011-11-27T02:01:27","slug":"adding-user-authentication-to-a-ruby-on-the-rails-application","status":"publish","type":"post","link":"https:\/\/41j.com\/blog\/2011\/11\/adding-user-authentication-to-a-ruby-on-the-rails-application\/","title":{"rendered":"Adding User Authentication to a Ruby on the Rails Application"},"content":{"rendered":"

Adding User authentication to a Ruby on the rails app. This follows the method discussed in “Agile Web Development with Rails”. Some of the example code is copied from there.<\/p>\n

0. Create user database:<\/p>\n

\r\nrails generate scaffold User name:string password_digest:string\r\nrake db:migrate\r\n<\/pre>\n
1. Edit app\/models\/user.rb such that it reads:<\/p>\n
\r\nclass User < ActiveRecord::Base\r\n  validates :name, presence: true, uniqueness: true\r\n  has_secure_password # This makes the password a digest and forces you to enter it twice.\r\nend\r\n<\/pre>\n
2. add bcrypt to the gemfile, edit Gemfile:<\/p>\n
\r\ngem 'bcrypt-ruby'\r\n<\/pre>\n
You may need to run “bundle install”.<\/p>\n
3. Edit the user edit form to add password confirmation:<\/p>\n
app\/views\/users\/_form.html.erb so that it reads as follows:<\/p>\n
\r\n<%= form_for(@user) do |f| %>\r\n  <% if @user.errors.any? %>\r\n    <div id="error_explanation">\r\n      <h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:<\/h2>\r\n\r\n      <ul>\r\n      <% @user.errors.full_messages.each do |msg| %>\r\n        <li><%= msg %><\/li>\r\n      <% end %>\r\n      <\/ul>\r\n    <\/div>\r\n  <% end %>\r\n\r\n  <fieldset>\r\n\r\n  <div class="field">\r\n    <%= f.label :name %><br \/>\r\n    <%= f.text_field :name %>\r\n  <\/div>\r\n  <div class="field">\r\n    <%= f.label :password, 'Password' %><br \/>\r\n    <%= f.password_field :password %>\r\n  <\/div>\r\n\r\n  <div>\r\n    <%= f.label :password_confirmation, 'Confirm' %>:\r\n    <%= f.password_field :password_confirmation %>\r\n  <\/div>\r\n\r\n  <div class="actions">\r\n    <%= f.submit %>\r\n  <\/div>\r\n\r\n  <\/fieldset>\r\n<% end %>\r\n<\/pre>\n
4. Create session controller…<\/p>\n
\r\nrails generate controller Sessions new create destroy\r\n<\/pre>\n
Edit: app\/controllers\/sessions_controller.rb<\/p>\n
Should look like this following edits:<\/p>\n
\r\nclass SessionsController < ApplicationController\r\n  skip_before_filter :authorize\r\n\r\n  def new\r\n  end\r\n\r\n  def create\r\n    user = User.find_by_name(params[:name])\r\n    if user and user.authenticate(params[:password])\r\n      session[:user_id] = user.id\r\n      #redirect_to admin_url # use this to redirect the user somewhere after login\r\n    else\r\n      redirect_to login_url, alert: "Invalid user\/password combination"\r\n    end\r\n  end\r\n\r\n  def destroy\r\n    session[:user_id] = nil\r\n  end\r\n\r\nend\r\n<\/pre>\n
You should open localhost:3000\/users at this point and create a user. We’ll be adding authentication next and you will need at least one user to be able to login and create more.<\/p>\n
5. Create the login page.<\/p>\n
Edit app\/views\/sessions\/new.html.erb to read:<\/p>\n
\r\n<div class="depot_form" >\r\n<% if flash[:alert] %>\r\n<p id="notice" ><%= flash[:alert] %><\/p>\r\n<% end %>\r\n\r\n<%= form_tag do %>\r\n<fieldset>\r\n<legend>Please Log In<\/legend>\r\n\r\n<div>\r\n<label for="name" >Name:<\/label>\r\n<%= text_field_tag :name, params[:name] %>\r\n<\/div>\r\n\r\n<div>\r\n<label for="password" >Password:<\/label>\r\n<%= password_field_tag :password, params[:password] %>\r\n<\/div>\r\n\r\n<div>\r\n<%= submit_tag "Login" %>\r\n<\/div>\r\n<\/fieldset>\r\n<% end %>\r\n<\/div>\r\n<\/pre>\n
Edit the route controller:<\/p>\n
config\/routes.rb remove:<\/p>\n
\r\n  get "sessions\/new"\r\n\r\n  get "sessions\/create"\r\n\r\n  get "sessions\/destroy"\r\n<\/pre>\n
add:<\/p>\n
\r\n  controller :sessions do\r\n    get 'login' => :new\r\n    post 'login' => :create\r\n    delete 'logout' => :destroy\r\n  end\r\n<\/pre>\n
6. Now we need to add a “filter” to provide for authenication:<\/p>\n
edit app\/controllers\/application_controller.rb<\/p>\n
It should read as follows:<\/p>\n
\r\nclass ApplicationController < ActionController::Base\r\n  protect_from_forgery\r\n\r\n  before_filter :authorize\r\n\r\n  # ...\r\n\r\n  protected\r\n\r\n  def authorize\r\n    unless User.find_by_id(session[:user_id])\r\n      redirect_to login_url, notice: "Please log in"\r\n    end\r\n  end\r\nend\r\n<\/pre>\n
7. You’ll need to skip authorisation for all controllers that don’t need a login.<\/p>\n
The following with skip authorisation for all methods in a controller add the following after the beginning of the class definiton:<\/p>\n
\r\nskip_before_filter :authorize\r\n<\/pre>\n
For particular methods:<\/p>\n
\r\nskip_before_filter :authorize, only: [:create, :update, :destroy]\r\n<\/pre>\n
8. Logoff code:<\/p>\n
Add the following on pages where you want a logoff button:<\/p>\n
\r\n<% if session[:user_id] %>\r\n<%= button_to 'Logout', logout_path, method: :delete %>\r\n<% end %>\r\n<\/div>\r\n<div id="main" >\r\n<%= yield %>\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
Adding User authentication to a Ruby on the rails app. This follows the method discussed in “Agile Web Development with Rails”. Some of the example code is copied from there. 0. Create user database: rails generate scaffold User name:string password_digest:string rake db:migrate 1. Edit app\/models\/user.rb such that it reads: class User < ActiveRecord::Base validates :name, […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-598","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1RRoU-9E","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/posts\/598","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/comments?post=598"}],"version-history":[{"count":2,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/posts\/598\/revisions"}],"predecessor-version":[{"id":600,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/posts\/598\/revisions\/600"}],"wp:attachment":[{"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/media?parent=598"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/categories?post=598"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/tags?post=598"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}