Instructions on how to Authenticate in Ruby on Rails 6.0

Tram Ho

To get started, let’s create a new Rails app.

Then, we will create the User model and its controller. Then we need one more controller to handle custom routes to handle the session.


We need to create a model with 2 attributes: username and password.


UsersController needs 2 actions, new and create . And SessionsController will need two actions to manage login fail and pass, new and create . And we will need to declare 4 paths to these 4 actions in routes file.

We need to use the command


In the database, we will not store plain passwords, we will encrypt them with Bcrypt and store the encrypted chunks in the DB. So we’ll add the bcrypt gem;

In the User model, we will add a macro to use the Bcrypt method.


The next thing we need to do is to add routes in the config/routes.rb file

Now we need a View to display the Sigup and Login buttons. If the user is logged in, display their name.


We need to add:

  • Signup and Login buttons upon arrival, so we will add these 2 buttons to sessions/welcome.index.erb

  • The Signup button redirects to new in UsersController so we will add the signup form to users/new.html.erb .
  • The Login button will redirect to new in the SessiosController , so we will add a login form to sessions/new.html.erb .

    Form Signup

    The @user variable will be defined as @user = in the new UsersController action

    When the user clicks the “Submit” button, we will navigate to the create action in UsersController .

    First, we create instance variables and then redirect them to the homepage. Then we will need to save user_id to the session. We will need to create a method to store information of the currently logged in user. Therefore, we need to add a method in the Application Controller to make sure everyone can access this method

    Also, we need to check if the user is logged in or not

    To make the view accessible to this method, we need to use the helper_method macro. So our ApplicationController would look like this:

    then, if the user is already logged in, we will display the name of the user, so the file sessions/welcome.html.erb

    After we have signedup we will save the session for that person. We will implement a page for login during sessions/new.html.erb

    After submitting, Sessions will be responsible for finding a user based on the username

    If we find a user, we will check to see if there is the same password. To do this we use the authenticate method of Bcrypt.


In some pages, we need to login, but some pages we don’t. So we can use the filter to check the login.

When adding to the Application, all legacy controllers will be authorized. So if the controller is not in use, we can skip it using the skip_before_action method

So we have installed the authorization for our website.

Good luck. Where can I learn Ruby On Rails effectively, it can only be Awesome Academy. Refer to the programming courses at Awesome Academy at the link

Share the news now

Source : Viblo