Instructions on how to Authenticate in Ruby on Rails 6.0

Wednesday, 25/11/2020

Tram Ho

To get started, let’s create a new Rails app.

rails new session_practice
cd session_practice

rails new session_practice

cd session_practice

Then, we will create the User model and its controller. Then we need one more controller to handle custom routes to handle the session.

Model

We need to create a model with 2 attributes: username and password.

rails g model user username password_digest

1 2	rails g model user username password_digest

Controller

UsersController needs 2 actions, new and create . And SessionsController will need two actions to manage login fail and pass, new and create . And we will need to declare 4 paths to these 4 actions in routes file.

We need to use the command

rails g controller users new create 
rails g controller sessions new create login welcome

rails g controller users new create

rails g controller sessions new create login welcome

Bcrypt

In the database, we will not store plain passwords, we will encrypt them with Bcrypt and store the encrypted chunks in the DB. So we’ll add the bcrypt gem;

gem install bcrypt
bundle install

gem install bcrypt

bundle install

In the User model, we will add a macro to use the Bcrypt method.

class User &lt; ApplicationRecord
     has_secure_password
end

class User < ApplicationRecord

has_secure_password

end

Routes

The next thing we need to do is to add routes in the config/routes.rb file

Rails.application.routes.draw do
   resources :users, only: [:new, :create]
   get 'login', to: 'sessions#new'
   post 'login', to: 'sessions#create'
   get 'welcome', to: 'sessions#welcome'
end

Rails.application.routes.draw do

resources :users, only: [:new, :create]

get 'login', to: 'sessions#new'

post 'login', to: 'sessions#create'

get 'welcome', to: 'sessions#welcome'

end

Now we need a View to display the Sigup and Login buttons. If the user is logged in, display their name.

View

We need to add:

Signup and Login buttons upon arrival, so we will add these 2 buttons to sessions/welcome.index.erb

<span class="token operator">&lt;</span> h1 <span class="token operator">&gt;</span> <span class="token constant">Welcome</span> <span class="token operator">&lt;</span> <span class="token operator">/</span> h1 <span class="token operator">&gt;</span>
<span class="token operator">&lt;</span> <span class="token string">%= button_to "Login", '/login', method: :get%&gt;
&lt;%=</span> button_to <span class="token string">"Sign Up"</span> <span class="token punctuation">,</span> <span class="token string">'/users/new'</span> <span class="token punctuation">,</span> method <span class="token punctuation">:</span> <span class="token symbol">:get</span> <span class="token operator">%</span> <span class="token operator">&gt;</span>

< h1 > Welcome < / h1 >

< %= button_to "Login", '/login', method: :get%>

<%= button_to "Sign Up" , '/users/new' , method : :get % >

The Signup button redirects to new in UsersController so we will add the signup form to users/new.html.erb .

The Login button will redirect to new in the SessiosController , so we will add a login form to sessions/new.html.erb .

Form Signup

<span class="token operator">&lt;</span> h1 <span class="token operator">&gt;</span> <span class="token constant">Sign</span> <span class="token constant">Up</span> <span class="token operator">&lt;</span> <span class="token operator">/</span> h1 <span class="token operator">&gt;</span>
<span class="token operator">&lt;</span> <span class="token string">%= form_for @user do |f|%&gt;
  &lt;%=</span> f <span class="token punctuation">.</span> label <span class="token symbol">:username</span> <span class="token string">%&gt;&lt;br&gt;</span>
  <span class="token operator">&lt;</span> <span class="token string">%= f.text_field :username%&gt;&lt;br&gt;
  &lt;%=</span> f <span class="token punctuation">.</span> label <span class="token symbol">:password</span> <span class="token string">%&gt;&lt;br&gt;</span>
  <span class="token operator">&lt;</span> <span class="token string">%= f.password_field :password%&gt;&lt;br&gt;
  &lt;%=</span> f <span class="token punctuation">.</span> submit <span class="token string">%&gt;
&lt;%end%&gt;</span>

< h1 > Sign Up < / h1 >

< %= form_for @user do |f|%>

<%= f . label :username %>

< %= f.text_field :username%>

<%= f . label :password %>

< %= f.password_field :password%>

<%= f . submit %>

<%end%>

The @user variable will be defined as @user = User.new in the new UsersController action

When the user clicks the “Submit” button, we will navigate to the create action in UsersController .

<span class="token keyword">def</span> <span class="token method-definition"><span class="token function">create</span></span>
   <span class="token variable">@user</span> <span class="token operator">=</span> <span class="token constant">User</span> <span class="token punctuation">.</span> create <span class="token punctuation">(</span> params <span class="token punctuation">.</span> <span class="token keyword">require</span> <span class="token punctuation">(</span> <span class="token symbol">:user</span> <span class="token punctuation">)</span> <span class="token punctuation">.</span> permit <span class="token punctuation">(</span> <span class="token symbol">:username</span> <span class="token punctuation">,</span> <span class="token symbol">:password</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span>
   session <span class="token punctuation">[</span> <span class="token symbol">:user_id</span> <span class="token punctuation">]</span> <span class="token operator">=</span> <span class="token variable">@user</span> <span class="token punctuation">.</span> id
   redirect_to <span class="token string">'/welcome'</span>
<span class="token keyword">end</span>

def create

@user = User . create ( params . require ( :user ) . permit ( :username , :password ) )

session [ :user_id ] = @user . id

redirect_to '/welcome'

end

First, we create instance variables and then redirect them to the homepage. Then we will need to save user_id to the session. We will need to create a method to store information of the currently logged in user. Therefore, we need to add a method in the Application Controller to make sure everyone can access this method

<span class="token keyword">def</span> <span class="token method-definition"><span class="token function">current_user</span></span>    
    <span class="token constant">User</span> <span class="token punctuation">.</span> find_by <span class="token punctuation">(</span> id <span class="token punctuation">:</span> session <span class="token punctuation">[</span> <span class="token symbol">:user_id</span> <span class="token punctuation">]</span> <span class="token punctuation">)</span>  
<span class="token keyword">end</span>

def current_user

User . find_by ( id : session [ :user_id ] )

end

Also, we need to check if the user is logged in or not

<span class="token keyword">def</span> <span class="token method-definition"><span class="token function">logged_in</span></span> <span class="token operator">?</span>
    <span class="token operator">!</span> current_user <span class="token punctuation">.</span> <span class="token keyword">nil</span> <span class="token operator">?</span>  
<span class="token keyword">end</span>

def logged_in ?

! current_user . nil ?

end

To make the view accessible to this method, we need to use the helper_method macro. So our ApplicationController would look like this:

<span class="token keyword">class</span> <span class="token class-name">ApplicationController</span> <span class="token operator">&lt;</span> <span class="token constant">ActionController</span> <span class="token punctuation">:</span> <span class="token punctuation">:</span> <span class="token constant">Base</span>
    helper_method <span class="token symbol">:current_user</span>
    helper_method <span class="token symbol">:logged_in?</span>
    
    <span class="token keyword">def</span> <span class="token method-definition"><span class="token function">current_user</span></span>
       <span class="token constant">User</span> <span class="token punctuation">.</span> find_by <span class="token punctuation">(</span> id <span class="token punctuation">:</span> session <span class="token punctuation">[</span> <span class="token symbol">:user_id</span> <span class="token punctuation">]</span> <span class="token punctuation">)</span>
    <span class="token keyword">end</span>
    <span class="token keyword">def</span> <span class="token method-definition"><span class="token function">logged_in</span></span> <span class="token operator">?</span>
        <span class="token operator">!</span> current_user <span class="token punctuation">.</span> <span class="token keyword">nil</span> <span class="token operator">?</span>
    <span class="token keyword">end</span>

<span class="token keyword">end</span>

class ApplicationController < ActionController : : Base

helper_method :current_user

helper_method :logged_in?

def current_user

end

def logged_in ?

! current_user . nil ?

end

then, if the user is already logged in, we will display the name of the user, so the file sessions/welcome.html.erb

<span class="token operator">&lt;</span> h1 <span class="token operator">&gt;</span> <span class="token constant">Welcome</span> <span class="token operator">&lt;</span> <span class="token operator">/</span> h1 <span class="token operator">&gt;</span>
<span class="token operator">&lt;</span> <span class="token operator">%</span> <span class="token keyword">if</span> logged_in <span class="token operator">?</span> <span class="token string">%&gt;
    &lt;h1&gt;</span> <span class="token constant">You</span> are <span class="token constant">Logged</span> <span class="token constant">In</span> <span class="token punctuation">,</span> <span class="token operator">&lt;</span> <span class="token string">%= current_user.username %&gt;&lt;/h1&gt;
&lt;% end %&gt;
&lt;%=</span> button_to <span class="token string">"Login"</span> <span class="token punctuation">,</span> <span class="token string">'/login'</span> <span class="token punctuation">,</span> method <span class="token punctuation">:</span> <span class="token symbol">:get</span> <span class="token string">%&gt;
&lt;%= button_to "Sign Up", '/users/new', method: :get%&gt;</span>

< % if logged_in ? %>

<h1> You are Logged In , < %= current_user.username %></h1>

<% end %>

<%= button_to "Login" , '/login' , method : :get %>

<%= button_to "Sign Up", '/users/new', method: :get%>

After we have signedup we will save the session for that person. We will implement a page for login during sessions/new.html.erb

    <span class="token operator">&lt;</span> h1 <span class="token operator">&gt;</span> <span class="token constant">Login</span> <span class="token operator">&lt;</span> <span class="token operator">/</span> h1 <span class="token operator">&gt;</span>
    <span class="token operator">&lt;</span> <span class="token string">%= form_tag '/login' do %&gt;
       &lt;%=</span> label_tag <span class="token symbol">:username</span> <span class="token string">%&gt;
       &lt;%= text_field_tag :username %&gt;</span>
       <span class="token operator">&lt;</span> <span class="token string">%= label_tag :password%&gt;
       &lt;%=</span> password_field_tag <span class="token symbol">:password</span> <span class="token string">%&gt;
       &lt;%= submit_tag "Login"%&gt;</span>
    <span class="token operator">&lt;</span> <span class="token operator">%</span> <span class="token keyword">end</span> <span class="token operator">%</span> <span class="token operator">&gt;</span>

< h1 > Login < / h1 >

< %= form_tag '/login' do %>

<%= label_tag :username %>

<%= text_field_tag :username %>

< %= label_tag :password%>

<%= password_field_tag :password %>

<%= submit_tag "Login"%>

< % end % >

After submitting, Sessions will be responsible for finding a user based on the username

<span class="token keyword">def</span> <span class="token method-definition"><span class="token function">create</span></span>
  <span class="token variable">@user</span> <span class="token operator">=</span> <span class="token constant">User</span> <span class="token punctuation">.</span> find_by <span class="token punctuation">(</span> username <span class="token punctuation">:</span> params <span class="token punctuation">[</span> <span class="token symbol">:username</span> <span class="token punctuation">]</span> <span class="token punctuation">)</span>
  <span class="token keyword">if</span> <span class="token variable">@user</span> <span class="token operator">&amp;&amp;</span> <span class="token variable">@user</span> <span class="token punctuation">.</span> authenticate <span class="token punctuation">(</span> params <span class="token punctuation">[</span> <span class="token symbol">:password</span> <span class="token punctuation">]</span> <span class="token punctuation">)</span>
     sessions <span class="token punctuation">[</span> <span class="token symbol">:user_id</span> <span class="token punctuation">]</span> <span class="token operator">=</span> <span class="token variable">@user</span> <span class="token punctuation">.</span> id
     redirect_to <span class="token string">'/welcome'</span>
  <span class="token keyword">else</span>
     redirect_to <span class="token string">'/login'</span>
  <span class="token keyword">end</span>
<span class="token keyword">end</span>

def create

if @user && @user . authenticate ( params [ :password ] )

sessions [ :user_id ] = @user . id

redirect_to '/welcome'

else

redirect_to '/login'

end

If we find a user, we will check to see if there is the same password. To do this we use the authenticate method of Bcrypt.

Authorization

In some pages, we need to login, but some pages we don’t. So we can use the filter to check the login.

<span class="token keyword">class</span> <span class="token class-name">ApplicationController</span> <span class="token operator">&lt;</span> <span class="token constant">ActionController</span> <span class="token punctuation">:</span> <span class="token punctuation">:</span> <span class="token constant">Base</span>
    before_action <span class="token symbol">:authorized</span>
   <span class="token punctuation">.</span>
   <span class="token punctuation">.</span>
   <span class="token punctuation">.</span>
    <span class="token keyword">def</span> <span class="token method-definition"><span class="token function">authorized</span></span>
       redirect_to <span class="token string">'/welcome'</span> <span class="token keyword">unless</span> logged_in <span class="token operator">?</span>
    <span class="token keyword">end</span>
    <span class="token keyword">end</span>

before_action :authorized

.

def authorized

redirect_to '/welcome' unless logged_in ?

end

When adding to the Application, all legacy controllers will be authorized. So if the controller is not in use, we can skip it using the skip_before_action method

<span class="token keyword">class</span> <span class="token class-name">UsersController</span> <span class="token operator">&lt;</span> <span class="token constant">ApplicationController</span>
    skip_before_action <span class="token symbol">:authorized</span> <span class="token punctuation">,</span> only <span class="token punctuation">:</span> <span class="token punctuation">[</span> <span class="token symbol">:new</span> <span class="token punctuation">,</span> <span class="token symbol">:create</span> <span class="token punctuation">]</span>
    <span class="token punctuation">.</span>
    <span class="token punctuation">.</span>
    <span class="token punctuation">.</span>
<span class="token keyword">end</span>

class UsersController < ApplicationController

skip_before_action :authorized , only : [ :new , :create ]

.

end

So we have installed the authorization for our website.

Good luck. Where can I learn Ruby On Rails effectively, it can only be Awesome Academy. Refer to the programming courses at Awesome Academy at the link https://awesome-academy.com/lich-khai-giang

Share the news now

Source : Viblo

Instructions on how to Authenticate in Ruby on Rails 6.0

Model

Controller

Bcrypt

Routes

View

Form Signup

Authorization

Korea vs Japan: Who will win when building a billion-dollar 'precious components' furnace?

What did "Steve Jobs retail" do to push the 1,100 118-year-old supermarket chain close to bankruptcy, losing $ 1 billion, laying off 19,000 employees?

Beginner's guide to R: Introduction

10 essential SublimeText plugins for JavaScript developers