Exploring ActiveRecord::Base::normalizes in Rails 7.1

Arish Khan — Wed, 22 Jan 2025 07:26:10 +0000

Occasionally, there’s a need to standardize data before it’s stored in a database. For instance, you might want to convert email addresses to lowercase, eliminate leading and trailing spaces, and more. With the introduction of Rails 7.1, the new ActiveRecord::Base::normalizes API comes into play. This feature empowers you to normalize attribute values to a uniform format before they’re persisted in the database. By doing so, you enhance the integrity and consistency of your data and simplify the process of querying records based on attribute values

Prior to Rails 7.1, attribute normalization could be achieved by utilizing the before_save callback.

class User < ApplicationRecord
  before_save :normalize_email

  private

  def normalize_email
    self.email = email.strip.downcase if email.present?
  end
end

Rails 7.1 onwards

class User < ActiveRecord::Base
  normalizes :email, with: -> email { email.downcase.strip }
end

By default, the normalization will not be applied to nil values. This behavior can be modified using the apply_to_nil option, which is set to false by default.

class User < ActiveRecord::Base
  normalizes :email, with: -> email { email&.downcase&.titleize || 'example@yourdomain.com' }, apply_to_nil: true
end

You can also utilize the normalizes method to apply normalization to multiple attributes simultaneously.

class User < ActiveRecord::Base
  normalizes :email, :first_name, :last_name, :title, with: -> attribute { attribute.strip }
end

How can you apply normalization to pre-existing records?

Normalization takes effect when an attribute is assigned or updated. This implies that if a record was saved before the normalization rule was established, the attribute won’t be normalized until it receives a new value. To address this, you can explicitly perform migration through Normalization#normalize_attribute.

class User < ActiveRecord::Base
  normalizes :email, with: ->(email) { email&.downcase&.strip }
end

User.find_each do |user|
  # user.email # => "\n\nexample@DOMAIN.COM\n"
  user.normalize_attribute(:email)
  # user.email # => "example@domain.com"
  user.save
end

Note: The normalization can be applied multiple times and is designed to be idempotent. This means that applying the normalization repeatedly will yield the same result as applying it just once.

Please review this pull request for more details.

Rails - 8 Authentication Generator

Arish Khan — Tue, 21 Jan 2025 11:39:44 +0000

Simplifying Authentication in Rails 8 with a New Generator

With Rails 8, developers now have a straightforward way to add essential authentication features without relying on complex all-in-one gems. Rails now includes a built-in generator that brings together all the fundamental components needed for basic user authentication. This guide will walk you through the capabilities of this new authentication scaffold and explain how it can help streamline your Rails application setup.

Getting Started with Authentication in Rails 8

To add a basic authentication system, you can run the following command in your Rails project:

bin/rails generate authentication

This command generates essential files that form the foundation for a complete authentication system, including session handling and password reset functionality. Let’s delve into the structure and details of what’s generated.

Core Models and Database Migrations

Certainly! Here’s a rephrased version that maintains the essential information but is presented with distinct wording and structure:

Simplifying Authentication in Rails 8 with a New Generator

Getting Started with Authentication in Rails 8

To add a basic authentication system, you can run the following command in your Rails project:

bin/rails generate authentication

Core Models and Database Migrations

Rails sets up models and migrations to handle user accounts and session management, creating a solid foundation for authentication. Here are the key components:

CreateUsers Migration: This migration creates a users table with an email_address field that’s uniquely indexed and a password_digest field for secure password storage using has_secure_password.
CreateSessions Migration: This migration defines a sessions table with a token field (ensuring uniqueness), along with fields for ip_address and user_agent to track the user’s device and network. The Session model includes has_secure_token for generating unique session tokens.
Current Model: This model manages per-request data and gives convenient access to the current user, using a user method that delegates to the session.

The bcrypt gem, used for secure password handling, is added to your Gemfile if it’s not already there or commented out, and bundle install is run to ensure it's available.

Authentication Concern: Core Logic

The authentication flow is encapsulated within an Authentication concern, which includes:

require_authentication: A before_action that checks for an existing session using resume_session. If none is found, it redirects the user to the login page via request_authentication.
resume_session: Finds an existing session through a signed cookie token and sets it as the active session. It then saves this session token in a permanent, HTTP-only cookie with set_current_session.
authenticated?: A helper that verifies if there’s an active session for the current user.
allow_unauthenticated_access: A method that permits specific actions to bypass the require_authentication check.
start_new_session_for(user): Begins a new session for the specified user, recording the user’s device and IP address information.
terminate_session: Ends the current session and removes its cookie token.

Managing Sessions with a Sessions Controller

The SessionsController facilitates user session handling with the following actions:

new: Presents a login form for user credentials. The new.html.erb file offers fields for the user’s email and password, along with flash messages for errors or success, plus a link to reset the password if needed.
create: Authenticates the user based on provided credentials. Upon successful login, it starts a session and redirects to the after_authentication_url; if credentials are incorrect, it redirects to the login form with an error message.
destroy: Ends the current session and sends the user back to the login page.

Password Reset Workflow

The generator also provides a basic password reset feature, covering everything from initiating a reset request to updating a password. This functionality is managed by the PasswordsController:

new: Displays a form for requesting a password reset.
create: Processes the reset request, sending an email with reset instructions if the user exists. The email includes a link with a password_reset_token, which expires in 15 minutes by default, allowing access to the password reset page.
edit: Shows a form where the user can input a new password.
update: Finalizes the password change, redirecting on success or showing an error on failure.
set_user_by_token: A before_action callback for edit and update actions that identifies the user based on the reset token in the URL, ensuring secure reset handling.

Limitations and Future Improvements

Currently, the generator offers email-password login for existing users but doesn’t yet support user account creation. Additional customization options and features may come in future updates.

To learn more about the implementation details, check out the following pull requests:

Know more about the Topic and me:

Portfolio: https://www.arishdev.com
Code: https://github.com/Arish-Dev-Academy/rails-8-authentication
Video: https://youtu.be/Boi_9amq_eg?si=QfirKgGFLgm_QK9Z

DEV Community: Arish Khan

Exploring ActiveRecord::Base::normalizes in Rails 7.1

Rails 7.1 onwards

Rails - 8 Authentication Generator

Simplifying Authentication in Rails 8 with a New Generator

Getting Started with Authentication in Rails 8

Core Models and Database Migrations

Authentication Concern: Core Logic

Password Reset Workflow

Limitations and Future Improvements

Know more about the Topic and me: