DEV Community: Steve Polito The latest articles on DEV Community by Steve Polito (@stevepolitodesign). https://dev.to/stevepolitodesign https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F374682%2Fedacdf1c-87f5-4382-b029-d965ffcfde65.png DEV Community: Steve Polito https://dev.to/stevepolitodesign en How to encrypt files with Ruby and Active Support Steve Polito Wed, 22 Mar 2023 12:54:54 +0000 https://dev.to/stevepolitodesign/how-to-encrypt-files-with-ruby-and-active-support-4ni https://dev.to/stevepolitodesign/how-to-encrypt-files-with-ruby-and-active-support-4ni <p>In this tutorial, we will create a Ruby binstub that allows you to encrypt and<br> decrypt files using Active Support's <a href="https://github.com/rails/rails/blob/main/activesupport/lib/active_support/encrypted_file.rb">EncryptedFile</a> module. This script is<br> particularly useful for those who need to protect sensitive information within<br> their files.</p> <p><strong>Use Cases</strong></p> <ul> <li>Encrypt text files in open source projects so that they can be committed to your repository without exposing sensitive information.</li> <li>Storing credentials in an encrypted file, similar to <a href="https://guides.rubyonrails.org/security.html#custom-credentials">Rails Custom Credentials</a>.</li> <li>Taking secure personal notes.</li> </ul> <h2> Required Libraries </h2> <p>The script starts with the following lines, which load the required libraries<br> and set up the command line argument handling.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1">#!/usr/bin/env ruby</span> <span class="nb">require</span> <span class="s2">"active_support/encrypted_file"</span> <span class="nb">require</span> <span class="s2">"securerandom"</span> </code></pre> </div> <p>These lines import the necessary Ruby modules:<br> <a href="https://github.com/rails/rails/blob/main/activesupport/lib/active_support/encrypted_file.rb">active_support/encrypted_file</a> for encryption and decryption, and<br> <a href="https://rubyapi.org/3.2/o/securerandom">securerandom</a> for key generation</p> <h2> Parsing Arguments </h2> <p>The script expects one of three commands as the first argument: <code>setup</code>,<br> <code>write</code>, or <code>read</code>. If no command is provided, the script will print an error<br> message and exit.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">command</span> <span class="o">=</span> <span class="no">ARGV</span><span class="p">.</span><span class="nf">shift</span> <span class="k">if</span> <span class="n">command</span><span class="p">.</span><span class="nf">nil?</span> <span class="nb">puts</span> <span class="s2">"Please pass 'setup', 'write [FILE]', or 'read [FILE]'"</span> <span class="nb">exit</span> <span class="mi">1</span> <span class="k">end</span> </code></pre> </div> <h2> Helper Methods </h2> <p>The following <code>build_encrypted_file</code> method creates an instance of<br> <code>ActiveSupport::EncryptedFile</code> with the necessary configuration options.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">def</span> <span class="nf">build_encrypted_file</span><span class="p">(</span><span class="n">file</span><span class="p">)</span> <span class="no">ActiveSupport</span><span class="o">::</span><span class="no">EncryptedFile</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span> <span class="ss">content_path: </span><span class="n">file</span><span class="p">,</span> <span class="ss">key_path: </span><span class="s2">"invisible_ink.key"</span><span class="p">,</span> <span class="ss">env_key: </span><span class="s2">"INVISIBLE_INK_KEY"</span><span class="p">,</span> <span class="ss">raise_if_missing_key: </span><span class="kp">true</span> <span class="p">)</span> <span class="k">end</span> </code></pre> </div> <p>Next, we have two helper methods: <code>handle_missing_key</code> and<br> <code>handle_missing_file_argument</code>. These methods print error messages and exit the<br> script if a key or a file is missing, respectively.</p> <h2> Executing the Commands </h2> <p>The <code>case</code> statement is the main part of the script, handling the three possible<br> commands: <code>write</code>, <code>read</code>, and <code>setup</code>.</p> <h3> Encrypting a File </h3> <p>For the <code>write</code> command, the script ensures that a file argument is provided<br> and that a system editor is available to open the file. It then creates a new<br> encrypted file if it does not exist and opens the file in the system editor for<br> editing. When the editor is closed, the encrypted file is saved with the new<br> content.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">when</span> <span class="s2">"write"</span> <span class="n">file</span> <span class="o">=</span> <span class="no">ARGV</span><span class="p">.</span><span class="nf">shift</span> <span class="n">handle_missing_file_argument</span> <span class="k">if</span> <span class="n">file</span><span class="p">.</span><span class="nf">nil?</span> <span class="k">if</span> <span class="no">ENV</span><span class="p">[</span><span class="s2">"EDITOR"</span><span class="p">].</span><span class="nf">to_s</span><span class="p">.</span><span class="nf">empty?</span> <span class="nb">puts</span> <span class="s2">"No $EDITOR to open file in"</span> <span class="nb">exit</span> <span class="mi">1</span> <span class="k">end</span> <span class="k">begin</span> <span class="n">encrypted_file</span> <span class="o">=</span> <span class="n">build_encrypted_file</span><span class="p">(</span><span class="n">file</span><span class="p">)</span> <span class="n">encrypted_file</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="kp">nil</span><span class="p">)</span> <span class="k">unless</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="n">file</span><span class="p">)</span> <span class="n">encrypted_file</span><span class="p">.</span><span class="nf">change</span> <span class="k">do</span> <span class="o">|</span><span class="n">tmp_path</span><span class="o">|</span> <span class="nb">system</span><span class="p">(</span><span class="no">ENV</span><span class="p">[</span><span class="s2">"EDITOR"</span><span class="p">],</span> <span class="n">tmp_path</span><span class="p">.</span><span class="nf">to_s</span><span class="p">)</span> <span class="k">rescue</span> <span class="no">Interrupt</span> <span class="nb">puts</span> <span class="s2">"File not saved"</span> <span class="k">end</span> <span class="k">rescue</span> <span class="no">ActiveSupport</span><span class="o">::</span><span class="no">EncryptedFile</span><span class="o">::</span><span class="no">MissingKeyError</span> <span class="o">=&gt;</span> <span class="n">error</span> <span class="n">handle_missing_key</span><span class="p">(</span><span class="n">error</span><span class="p">)</span> <span class="k">end</span> </code></pre> </div> <h3> Decrypting a File </h3> <p>For the <code>read</code> command, the script ensures that a file argument is provided and<br> then attempts to read the encrypted file, printing the decrypted contents to the<br> standard output.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">when</span> <span class="s2">"read"</span> <span class="k">begin</span> <span class="n">file</span> <span class="o">=</span> <span class="no">ARGV</span><span class="p">.</span><span class="nf">shift</span> <span class="n">handle_missing_file_argument</span> <span class="k">if</span> <span class="n">file</span><span class="p">.</span><span class="nf">nil?</span> <span class="n">encrypted_file</span> <span class="o">=</span> <span class="n">build_encrypted_file</span><span class="p">(</span><span class="n">file</span><span class="p">)</span> <span class="nb">puts</span> <span class="n">encrypted_file</span><span class="p">.</span><span class="nf">read</span> <span class="k">rescue</span> <span class="no">ActiveSupport</span><span class="o">::</span><span class="no">EncryptedFile</span><span class="o">::</span><span class="no">MissingKeyError</span> <span class="o">=&gt;</span> <span class="n">error</span> <span class="n">handle_missing_key</span><span class="p">(</span><span class="n">error</span><span class="p">)</span> <span class="k">end</span> </code></pre> </div> <h3> The Setup Script </h3> <p>Finally, the <code>setup</code> command generates a new encryption key and saves it to a<br> file named <code>invisible_ink.key</code>. It also adds the key file to the <code>.gitignore</code><br> file to prevent it from being accidentally committed to a version control<br> system.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">when</span> <span class="s2">"setup"</span> <span class="k">if</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="s2">"invisible_ink.key"</span><span class="p">)</span> <span class="nb">puts</span> <span class="s2">"ERROR: invisible_ink.key already exists"</span> <span class="nb">exit</span> <span class="mi">1</span> <span class="k">else</span> <span class="no">File</span><span class="p">.</span><span class="nf">open</span><span class="p">(</span><span class="s2">".gitignore"</span><span class="p">,</span> <span class="s2">"a"</span><span class="p">)</span> <span class="p">{</span> <span class="o">|</span><span class="n">file</span><span class="o">|</span> <span class="n">file</span><span class="p">.</span><span class="nf">puts</span><span class="p">(</span><span class="s2">"invisible_ink.key"</span><span class="p">)</span> <span class="p">}</span> <span class="n">key</span> <span class="o">=</span> <span class="no">ActiveSupport</span><span class="o">::</span><span class="no">EncryptedFile</span><span class="p">.</span><span class="nf">generate_key</span> <span class="no">File</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="s2">"invisible_ink.key"</span><span class="p">,</span> <span class="n">key</span><span class="p">)</span> <span class="nb">puts</span> <span class="s2">"invisible_ink.key generated"</span> <span class="k">end</span> </code></pre> </div> <h2> The Final Script </h2> <p>By using this script, you can protect sensitive information from unauthorized<br> access and maintain the privacy of your data. With the <code>setup</code>, <code>write</code>, and<br> <code>read</code> commands, you can easily manage the encryption and decryption process,<br> making it a useful tool for various applications.</p> <p>As an alternative, you can also use the <a href="https://github.com/stevepolitodesign/invisible_ink">invisible_ink</a> gem, which provides<br> the same functionality as this script, with the added benefit of being easily<br> integrated into any Ruby project. This gem offers a more streamlined and<br> maintainable approach to file encryption and decryption in your Ruby<br> applications, without the need to implement the entire script yourself.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1">#!/usr/bin/env ruby</span> <span class="nb">require</span> <span class="s2">"active_support/encrypted_file"</span> <span class="nb">require</span> <span class="s2">"securerandom"</span> <span class="c1"># ℹ️ Set the command from the first argument</span> <span class="n">command</span> <span class="o">=</span> <span class="no">ARGV</span><span class="p">.</span><span class="nf">shift</span> <span class="c1"># ℹ️ Return early if no command was passed</span> <span class="k">if</span> <span class="n">command</span><span class="p">.</span><span class="nf">nil?</span> <span class="nb">puts</span> <span class="s2">"Please pass 'setup', 'write [FILE]', or 'read [FILE]'"</span> <span class="nb">exit</span> <span class="mi">1</span> <span class="k">end</span> <span class="c1"># ℹ️ Create an encrypted file instance.</span> <span class="k">def</span> <span class="nf">build_encrypted_file</span><span class="p">(</span><span class="n">file</span><span class="p">)</span> <span class="no">ActiveSupport</span><span class="o">::</span><span class="no">EncryptedFile</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span> <span class="ss">content_path: </span><span class="n">file</span><span class="p">,</span> <span class="c1"># ℹ️ The key will be generated during the 'setup' script</span> <span class="ss">key_path: </span><span class="s2">"invisible_ink.key"</span><span class="p">,</span> <span class="c1"># ℹ️ Alternatively use an environment variable to store the key</span> <span class="ss">env_key: </span><span class="s2">"INVISIBLE_INK_KEY"</span><span class="p">,</span> <span class="ss">raise_if_missing_key: </span><span class="kp">true</span> <span class="p">)</span> <span class="k">end</span> <span class="c1"># ℹ️ Handle case where ActiveSupport::EncryptedFile::MissingKeyError is raised</span> <span class="k">def</span> <span class="nf">handle_missing_key</span><span class="p">(</span><span class="n">error</span><span class="p">)</span> <span class="nb">puts</span> <span class="s2">"ERROR: </span><span class="si">#{</span><span class="n">error</span><span class="si">}</span><span class="s2">"</span> <span class="nb">puts</span> <span class="s2">""</span> <span class="nb">puts</span> <span class="s2">"Did you run 'setup'?"</span> <span class="nb">exit</span> <span class="mi">1</span> <span class="k">end</span> <span class="c1"># ℹ️ Handle case where a file was not passed as an argument</span> <span class="k">def</span> <span class="nf">handle_missing_file_argument</span> <span class="nb">puts</span> <span class="s2">"Please pass a file"</span> <span class="nb">exit</span> <span class="mi">1</span> <span class="k">end</span> <span class="k">case</span> <span class="n">command</span> <span class="k">when</span> <span class="s2">"write"</span> <span class="c1"># ℹ️ Set the file from the second argument</span> <span class="n">file</span> <span class="o">=</span> <span class="no">ARGV</span><span class="p">.</span><span class="nf">shift</span> <span class="c1"># ℹ️ Ensure the file was passed as an argument</span> <span class="n">handle_missing_file_argument</span> <span class="k">if</span> <span class="n">file</span><span class="p">.</span><span class="nf">nil?</span> <span class="c1"># ℹ️ Return early if there is no system editor to edit the file</span> <span class="k">if</span> <span class="no">ENV</span><span class="p">[</span><span class="s2">"EDITOR"</span><span class="p">].</span><span class="nf">to_s</span><span class="p">.</span><span class="nf">empty?</span> <span class="nb">puts</span> <span class="s2">"No $EDITOR to open file in"</span> <span class="nb">exit</span> <span class="mi">1</span> <span class="k">end</span> <span class="k">begin</span> <span class="n">encrypted_file</span> <span class="o">=</span> <span class="n">build_encrypted_file</span><span class="p">(</span><span class="n">file</span><span class="p">)</span> <span class="c1"># ℹ️ Writing a blank file creates the file in cases where it does not yet</span> <span class="c1"># exist. We need a file before we can write to it.</span> <span class="n">encrypted_file</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="kp">nil</span><span class="p">)</span> <span class="k">unless</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="n">file</span><span class="p">)</span> <span class="c1"># ℹ️ Open the file in the system $EDITOR using a temporary path</span> <span class="n">encrypted_file</span><span class="p">.</span><span class="nf">change</span> <span class="k">do</span> <span class="o">|</span><span class="n">tmp_path</span><span class="o">|</span> <span class="nb">system</span><span class="p">(</span><span class="no">ENV</span><span class="p">[</span><span class="s2">"EDITOR"</span><span class="p">],</span> <span class="n">tmp_path</span><span class="p">.</span><span class="nf">to_s</span><span class="p">)</span> <span class="c1"># ℹ️ Handle case where the $EDITOR is closed before the file was saved</span> <span class="k">rescue</span> <span class="no">Interrupt</span> <span class="nb">puts</span> <span class="s2">"File not saved"</span> <span class="k">end</span> <span class="c1"># ℹ️ Print message to user if the key is missing</span> <span class="k">rescue</span> <span class="no">ActiveSupport</span><span class="o">::</span><span class="no">EncryptedFile</span><span class="o">::</span><span class="no">MissingKeyError</span> <span class="o">=&gt;</span> <span class="n">error</span> <span class="n">handle_missing_key</span><span class="p">(</span><span class="n">error</span><span class="p">)</span> <span class="k">end</span> <span class="k">when</span> <span class="s2">"read"</span> <span class="k">begin</span> <span class="c1"># ℹ️ Set the file from the second argument</span> <span class="n">file</span> <span class="o">=</span> <span class="no">ARGV</span><span class="p">.</span><span class="nf">shift</span> <span class="c1"># ℹ️ Ensure the file was passed as an argument</span> <span class="n">handle_missing_file_argument</span> <span class="k">if</span> <span class="n">file</span><span class="p">.</span><span class="nf">nil?</span> <span class="n">encrypted_file</span> <span class="o">=</span> <span class="n">build_encrypted_file</span><span class="p">(</span><span class="n">file</span><span class="p">)</span> <span class="c1"># ℹ️ Print decrypted file contents to $STDOUT</span> <span class="nb">puts</span> <span class="n">encrypted_file</span><span class="p">.</span><span class="nf">read</span> <span class="c1"># ℹ️ Print message to user if the key is missing</span> <span class="k">rescue</span> <span class="no">ActiveSupport</span><span class="o">::</span><span class="no">EncryptedFile</span><span class="o">::</span><span class="no">MissingKeyError</span> <span class="o">=&gt;</span> <span class="n">error</span> <span class="n">handle_missing_key</span><span class="p">(</span><span class="n">error</span><span class="p">)</span> <span class="k">end</span> <span class="k">when</span> <span class="s2">"setup"</span> <span class="c1"># ℹ️ Return early if there is already a key</span> <span class="k">if</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="s2">"invisible_ink.key"</span><span class="p">)</span> <span class="nb">puts</span> <span class="s2">"ERROR: invisible_ink.key already exists"</span> <span class="nb">exit</span> <span class="mi">1</span> <span class="k">else</span> <span class="c1"># ℹ️ Prevent key from being saved to version control</span> <span class="no">File</span><span class="p">.</span><span class="nf">open</span><span class="p">(</span><span class="s2">".gitignore"</span><span class="p">,</span> <span class="s2">"a"</span><span class="p">)</span> <span class="p">{</span> <span class="o">|</span><span class="n">file</span><span class="o">|</span> <span class="n">file</span><span class="p">.</span><span class="nf">puts</span><span class="p">(</span><span class="s2">"invisible_ink.key"</span><span class="p">)</span> <span class="p">}</span> <span class="c1"># ℹ️ Generate key</span> <span class="n">key</span> <span class="o">=</span> <span class="no">ActiveSupport</span><span class="o">::</span><span class="no">EncryptedFile</span><span class="p">.</span><span class="nf">generate_key</span> <span class="c1"># ℹ️ Write the key to a file</span> <span class="no">File</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="s2">"invisible_ink.key"</span><span class="p">,</span> <span class="n">key</span><span class="p">)</span> <span class="nb">puts</span> <span class="s2">"invisible_ink.key generated"</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> ruby cli How to click links in Rails Mailers when writing tests Steve Polito Mon, 13 Mar 2023 16:22:24 +0000 https://dev.to/stevepolitodesign/how-to-click-links-in-rails-mailers-when-writing-tests-23dk https://dev.to/stevepolitodesign/how-to-click-links-in-rails-mailers-when-writing-tests-23dk <p>In this tutorial, you'll learn how to write a test that clicks a link in a Rails mailer. This is particularly useful when testing emails with links that require unique tokens or may expire, such as password reset emails. We'll cover the steps to create a helper method that uses Capybara to find and click the link in the email, allowing you to fully test the functionality of a passpord reset email.</p> <h2> Find the link using Nokogiri </h2> <p>To extract links from emails, we can use <a href="https://nokogiri.org">Nokogiri</a>. Nokogiri converts the body of the email into a document object, which we can navigate to extract links based on their text.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># test/integration/password_reset_test.rb</span> <span class="nb">require</span> <span class="s1">'test_helper'</span> <span class="k">class</span> <span class="nc">PasswordResetTest</span> <span class="o">&lt;</span> <span class="no">ActionDispatch</span><span class="o">::</span><span class="no">IntegrationTest</span> <span class="nb">test</span> <span class="s2">"resets password"</span> <span class="k">do</span> <span class="n">user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">create!</span><span class="p">(</span><span class="ss">email: </span><span class="s2">"user@example.com"</span><span class="p">)</span> <span class="n">post</span> <span class="n">user_password_path</span><span class="p">,</span> <span class="ss">params: </span><span class="p">{</span> <span class="ss">user: </span><span class="p">{</span> <span class="ss">email: </span><span class="s2">"user@example.com"</span><span class="p">}</span> <span class="p">}</span> <span class="c1"># ℹ️ Get the latest email</span> <span class="n">email</span> <span class="o">=</span> <span class="no">ActionMailer</span><span class="o">::</span><span class="no">Base</span><span class="p">.</span><span class="nf">deliveries</span><span class="p">.</span><span class="nf">last</span> <span class="c1"># ℹ️ Parse the email's HTML with Nokogiri</span> <span class="n">doc</span> <span class="o">=</span> <span class="no">Nokogiri</span><span class="o">::</span><span class="no">HTML</span><span class="p">(</span><span class="n">email</span><span class="p">.</span><span class="nf">body</span><span class="p">.</span><span class="nf">to_s</span><span class="p">)</span> <span class="c1"># ℹ️ Find the link using Nokogiri</span> <span class="n">url</span> <span class="o">=</span> <span class="n">doc</span><span class="p">.</span><span class="nf">at_css</span><span class="p">(</span><span class="s1">'a:contains("Change my password")'</span><span class="p">)[</span><span class="ss">:href</span><span class="p">]</span> <span class="c1"># =&gt; "http://www.example.com/users/password/edit?reset_password_token=123abc"</span> <span class="n">get</span> <span class="n">url</span> <span class="n">assert_select</span> <span class="s2">"h1"</span><span class="p">,</span> <span class="ss">text: </span><span class="s2">"Change your password"</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Replace Nokogiri with Capybara </h2> <p>One way to improve the current implementation is by swapping out Nokogiri for <a href="https://teamcapybara.github.io/capybara/">Capybara</a>. This would enhance the readability of the test and allow us to utilize Capybara's DSL to locate more email content.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># test/integration/password_reset_test.rb</span> <span class="nb">require</span> <span class="s1">'test_helper'</span> <span class="k">class</span> <span class="nc">PasswordResetTest</span> <span class="o">&lt;</span> <span class="no">ActionDispatch</span><span class="o">::</span><span class="no">IntegrationTest</span> <span class="nb">test</span> <span class="s2">"resets password"</span> <span class="k">do</span> <span class="n">user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">create!</span><span class="p">(</span><span class="ss">email: </span><span class="s2">"user@example.com"</span><span class="p">)</span> <span class="n">post</span> <span class="n">user_password_path</span><span class="p">,</span> <span class="ss">params: </span><span class="p">{</span> <span class="ss">user: </span><span class="p">{</span> <span class="ss">email: </span><span class="s2">"user@example.com"</span><span class="p">}</span> <span class="p">}</span> <span class="c1"># ℹ️ Get the latest email</span> <span class="n">email</span> <span class="o">=</span> <span class="no">ActionMailer</span><span class="o">::</span><span class="no">Base</span><span class="p">.</span><span class="nf">deliveries</span><span class="p">.</span><span class="nf">last</span> <span class="c1"># ℹ️ Parse the email's HTML with Capybara</span> <span class="n">page</span> <span class="o">=</span> <span class="no">Capybara</span><span class="p">.</span><span class="nf">string</span><span class="p">(</span><span class="n">email</span><span class="p">.</span><span class="nf">body</span><span class="p">.</span><span class="nf">to_s</span><span class="p">)</span> <span class="c1"># ℹ️ Find the link using Capybara</span> <span class="n">url</span> <span class="o">=</span> <span class="n">page</span><span class="p">.</span><span class="nf">find</span><span class="p">(</span><span class="ss">:link</span><span class="p">,</span> <span class="s2">"Change my password"</span><span class="p">)[</span><span class="ss">:href</span><span class="p">]</span> <span class="c1"># =&gt; "http://www.example.com/users/password/edit?reset_password_token=123abc"</span> <span class="n">get</span> <span class="n">url</span> <span class="n">assert_select</span> <span class="s2">"h1"</span><span class="p">,</span> <span class="ss">text: </span><span class="s2">"Change your password"</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Create a test helper to return the link </h2> <p>The Capybara implementation is helpful, but it could be made simpler. We can create a method that takes an email and a string, and uses Capybara to find and return the link with that text. This method could be extracted into a helper to hide the implementation details.</p> <p>Since it’s best practice for mailers to use absolute URLs, we can take this opportunity to convert them to relative URLs. The reason for this is to avoid making requests to "example.com" which is the default test host for Rails action mailer. This isn't an issue for integration tests, but it can cause problems for system tests because Capybara may try to visit the external URL instead of staying on the localhost.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># test/test_helper.rb</span> <span class="k">class</span> <span class="nc">ActiveSupport::TestCase</span> <span class="c1"># ℹ️ Get the link from the email</span> <span class="k">def</span> <span class="nf">email_link</span><span class="p">(</span><span class="n">email</span><span class="p">,</span> <span class="n">string</span><span class="p">)</span> <span class="n">document</span> <span class="o">=</span> <span class="no">Capybara</span><span class="p">.</span><span class="nf">string</span><span class="p">(</span><span class="n">email</span><span class="p">.</span><span class="nf">body</span><span class="p">.</span><span class="nf">to_s</span><span class="p">)</span> <span class="n">link</span> <span class="o">=</span> <span class="n">document</span><span class="p">.</span><span class="nf">find</span><span class="p">(</span><span class="ss">:link</span><span class="p">,</span> <span class="n">string</span><span class="p">)[</span><span class="ss">:href</span><span class="p">]</span> <span class="c1"># ℹ️ Return the relative link to ensure the request stays local</span> <span class="n">localize_link</span><span class="p">(</span><span class="n">link</span><span class="p">)</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">localize_link</span><span class="p">(</span><span class="n">link</span><span class="p">)</span> <span class="n">uri</span> <span class="o">=</span> <span class="no">URI</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="n">link</span><span class="p">)</span> <span class="k">if</span> <span class="n">uri</span><span class="p">.</span><span class="nf">query</span> <span class="s2">"</span><span class="si">#{</span><span class="n">uri</span><span class="p">.</span><span class="nf">path</span><span class="si">}</span><span class="s2">?</span><span class="si">#{</span><span class="n">uri</span><span class="p">.</span><span class="nf">query</span><span class="si">}</span><span class="s2">"</span> <span class="k">else</span> <span class="n">uri</span><span class="p">.</span><span class="nf">path</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># test/integration/password_reset_test.rb</span> <span class="nb">require</span> <span class="s1">'test_helper'</span> <span class="k">class</span> <span class="nc">PasswordResetTest</span> <span class="o">&lt;</span> <span class="no">ActionDispatch</span><span class="o">::</span><span class="no">IntegrationTest</span> <span class="nb">test</span> <span class="s2">"resets password"</span> <span class="k">do</span> <span class="n">user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">create!</span><span class="p">(</span><span class="ss">email: </span><span class="s2">"user@example.com"</span><span class="p">)</span> <span class="n">post</span> <span class="n">user_password_path</span><span class="p">,</span> <span class="ss">params: </span><span class="p">{</span> <span class="ss">user: </span><span class="p">{</span> <span class="ss">email: </span><span class="s2">"user@example.com"</span><span class="p">}</span> <span class="p">}</span> <span class="n">email</span> <span class="o">=</span> <span class="no">ActionMailer</span><span class="o">::</span><span class="no">Base</span><span class="p">.</span><span class="nf">deliveries</span><span class="p">.</span><span class="nf">last</span> <span class="c1"># ℹ️ Our helper hides the implementation and returns the relative url</span> <span class="n">get</span> <span class="n">email_link</span><span class="p">(</span><span class="n">email</span><span class="p">,</span> <span class="s2">"Change my password"</span><span class="p">)</span> <span class="n">assert_select</span> <span class="s2">"h1"</span><span class="p">,</span> <span class="ss">text: </span><span class="s2">"Change your password"</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Create a test helper to set the current email </h2> <p>To make our test easier to read, we can create another helper. This helper will find the most recent email sent to a specific email address and set it as the <code>current_email</code>. Without this helper, the <code>current_email</code> will just default to the last email sent, regardless of the recipient.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># test/test_helper.rb</span> <span class="k">class</span> <span class="nc">ActiveSupport::TestCase</span> <span class="c1"># ℹ️ Find the latest email sent to a particular email address</span> <span class="k">def</span> <span class="nf">open_latest_email_for</span><span class="p">(</span><span class="n">email_address</span><span class="p">)</span> <span class="vi">@current_email</span> <span class="o">=</span> <span class="no">ActionMailer</span><span class="o">::</span><span class="no">Base</span><span class="p">.</span><span class="nf">deliveries</span><span class="p">.</span><span class="nf">reverse</span><span class="p">.</span><span class="nf">detect</span> <span class="k">do</span> <span class="o">|</span><span class="n">email</span><span class="o">|</span> <span class="n">email</span><span class="p">.</span><span class="nf">to</span><span class="p">.</span><span class="nf">include?</span><span class="p">(</span><span class="n">email_address</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> <span class="c1"># ℹ️ If the @current_email is not set, default to the last email delivered</span> <span class="k">def</span> <span class="nf">current_email</span> <span class="vi">@current_email</span> <span class="o">||=</span> <span class="no">ActionMailer</span><span class="o">::</span><span class="no">Base</span><span class="p">.</span><span class="nf">deliveries</span><span class="p">.</span><span class="nf">last</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">email_link</span><span class="p">(</span><span class="n">email</span><span class="p">,</span> <span class="n">string</span><span class="p">)</span> <span class="n">document</span> <span class="o">=</span> <span class="no">Capybara</span><span class="p">.</span><span class="nf">string</span><span class="p">(</span><span class="n">email</span><span class="p">.</span><span class="nf">body</span><span class="p">.</span><span class="nf">to_s</span><span class="p">)</span> <span class="n">link</span> <span class="o">=</span> <span class="n">document</span><span class="p">.</span><span class="nf">find</span><span class="p">(</span><span class="ss">:link</span><span class="p">,</span> <span class="n">string</span><span class="p">)[</span><span class="ss">:href</span><span class="p">]</span> <span class="n">localize_link</span><span class="p">(</span><span class="n">link</span><span class="p">)</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">localize_link</span><span class="p">(</span><span class="n">link</span><span class="p">)</span> <span class="n">uri</span> <span class="o">=</span> <span class="no">URI</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="n">link</span><span class="p">)</span> <span class="k">if</span> <span class="n">uri</span><span class="p">.</span><span class="nf">query</span> <span class="s2">"</span><span class="si">#{</span><span class="n">uri</span><span class="p">.</span><span class="nf">path</span><span class="si">}</span><span class="s2">?</span><span class="si">#{</span><span class="n">uri</span><span class="p">.</span><span class="nf">query</span><span class="si">}</span><span class="s2">"</span> <span class="k">else</span> <span class="n">uri</span><span class="p">.</span><span class="nf">path</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># test/integration/password_reset_test.rb</span> <span class="nb">require</span> <span class="s1">'test_helper'</span> <span class="k">class</span> <span class="nc">PasswordResetTest</span> <span class="o">&lt;</span> <span class="no">ActionDispatch</span><span class="o">::</span><span class="no">IntegrationTest</span> <span class="nb">test</span> <span class="s2">"resets password"</span> <span class="k">do</span> <span class="n">user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">create!</span><span class="p">(</span><span class="ss">email: </span><span class="s2">"user@example.com"</span><span class="p">)</span> <span class="n">post</span> <span class="n">user_password_path</span><span class="p">,</span> <span class="ss">params: </span><span class="p">{</span> <span class="ss">user: </span><span class="p">{</span> <span class="ss">email: </span><span class="s2">"user@example.com"</span><span class="p">}</span> <span class="p">}</span> <span class="c1"># ℹ️ This will set the @current_email</span> <span class="n">open_latest_email_for</span><span class="p">(</span><span class="s2">"user@example.com"</span><span class="p">)</span> <span class="c1"># ℹ️ Now we can pass current_email to the method</span> <span class="n">get</span> <span class="n">email_link</span><span class="p">(</span><span class="n">current_email</span><span class="p">,</span> <span class="s2">"Change my password"</span><span class="p">)</span> <span class="n">assert_select</span> <span class="s2">"h1"</span><span class="p">,</span> <span class="ss">text: </span><span class="s2">"Change your password"</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> rails testing Rails Setup Script Improvements Steve Polito Sat, 15 Jan 2022 18:43:09 +0000 https://dev.to/stevepolitodesign/rails-setup-script-improvements-3ck3 https://dev.to/stevepolitodesign/rails-setup-script-improvements-3ck3 <p>Rails ships with a <a href="https://github.com/rails/rails/pull/15189">setup script</a> that automates bootstrapping a new application, but did you know that you're free to edit this script? In this quick tutorial, I'll show you how you can improve the default Rails setup script to create a more consistent and helpful onboarding experience for folks on your team.</p> <h2> Demo </h2> <p>Simply clone this repo and run <code>./bin/setup</code>.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--_2asYF4g--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_66%2Cw_880/https://raw.githubusercontent.com/stevepolitodesign/rails-setup-script-improvements/main/public/demo.gif" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--_2asYF4g--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_66%2Cw_880/https://raw.githubusercontent.com/stevepolitodesign/rails-setup-script-improvements/main/public/demo.gif" alt="Demo" width="480" height="480"></a></p> <h2> Step 1. Update the Command That Prepares the Database </h2> <div class="highlight js-code-highlight"> <pre class="highlight diff"><code><span class="gd">--- a/bin/setup </span><span class="gi">+++ b/bin/setup </span><span class="p">@@ -23,7 +23,7 @@</span> FileUtils.chdir APP_ROOT do # end puts "\n== Preparing database ==" <span class="gd">- system! "bin/rails db:prepare" </span><span class="gi">+ system! "bin/rails db:reset" </span> puts "\n== Removing old logs and tempfiles ==" system! "bin/rails log:clear tmp:clear" </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <p>Running <a href="https://edgeguides.rubyonrails.org/active_record_migrations.html#resetting-the-database">bin/rails db:reset</a> will do the following:</p> <ol> <li>Run <code>bin/rails db:drop</code>.</li> <li>Run <code>bin/rails db:setup</code>. <ul> <li>The <a href="https://edgeguides.rubyonrails.org/active_record_migrations.html#setup-the-database">bin/rails db:setup</a> command will do the following:</li> <li>Create the database.</li> <li>Load the schema.</li> <li>Seed the database.</li> </ul> </li> </ol> </blockquote> <p>This ensures the database will always be in the same state after running <code>./bin/setup</code>. This is because <code>bin/rails db:prepare</code> will not seed the database if the database already exists which could result in inconsistent outcomes.</p> <h2> Step 2. Create a Job to Seed the Database </h2> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/jobs/database_seeder_job.rb</span> <span class="k">class</span> <span class="nc">DatabaseSeederJob</span> <span class="o">&lt;</span> <span class="no">ApplicationJob</span> <span class="n">queue_as</span> <span class="ss">:default</span> <span class="no">DEFAULT_USER_EMAIL</span> <span class="o">=</span> <span class="s2">"user@example.com"</span> <span class="no">DEFAULT_USER_PASSWORD</span> <span class="o">=</span> <span class="s2">"password"</span> <span class="k">def</span> <span class="nf">perform</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">Base</span><span class="p">.</span><span class="nf">transaction</span> <span class="k">do</span> <span class="n">create_default_user</span> <span class="n">create_users</span> <span class="n">create_posts</span> <span class="k">end</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">create_default_user</span> <span class="no">User</span><span class="p">.</span><span class="nf">create!</span><span class="p">(</span> <span class="ss">email: </span><span class="no">DEFAULT_USER_EMAIL</span><span class="p">,</span> <span class="ss">password: </span><span class="no">DEFAULT_USER_PASSWORD</span><span class="p">,</span> <span class="ss">password_confirmation: </span><span class="no">DEFAULT_USER_PASSWORD</span><span class="p">,</span> <span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">create_users</span> <span class="mi">10</span><span class="p">.</span><span class="nf">times</span> <span class="k">do</span> <span class="o">|</span><span class="n">i</span><span class="o">|</span> <span class="no">User</span><span class="p">.</span><span class="nf">create!</span><span class="p">(</span> <span class="ss">email: </span><span class="s2">"user-</span><span class="si">#{</span><span class="n">i</span><span class="si">}</span><span class="s2">@example.com"</span><span class="p">,</span> <span class="ss">password: </span><span class="no">DEFAULT_USER_PASSWORD</span><span class="p">,</span> <span class="ss">password_confirmation: </span><span class="no">DEFAULT_USER_PASSWORD</span><span class="p">,</span> <span class="p">)</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">create_posts</span> <span class="no">User</span><span class="p">.</span><span class="nf">all</span><span class="p">.</span><span class="nf">each_with_index</span> <span class="k">do</span> <span class="o">|</span><span class="n">user</span><span class="p">,</span> <span class="n">index</span><span class="o">|</span> <span class="no">Post</span><span class="p">.</span><span class="nf">create!</span><span class="p">(</span> <span class="ss">title: </span><span class="s2">"</span><span class="se">\"</span><span class="s2">Title for post </span><span class="si">#{</span><span class="n">index</span><span class="si">}</span><span class="se">\"</span><span class="s2">,"</span> <span class="ss">body: </span><span class="s2">"Body for post </span><span class="si">#{</span><span class="n">index</span><span class="si">}</span><span class="s2">"</span><span class="p">,</span> <span class="ss">user: </span><span class="n">user</span> <span class="p">)</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># db/seeds.rb</span> <span class="nb">puts</span> <span class="s2">"</span><span class="se">\n</span><span class="s2">== Seeding database =="</span> <span class="no">DatabaseSeederJob</span><span class="p">.</span><span class="nf">perform_now</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We could run all the commands from each method inline in <code>db/seeds.rb</code>, but that script is run in isolation. By abstracting this into a job, we can call it anywhere within our application. This is important because we'll need access to those constants when we print the instructions to the console.</li> <li>Note that we call <code>puts</code> so that we'll know when this part of the setup script is being called.</li> </ul> </blockquote> <h2> Step 3. Print Instructions When Setup is Complete </h2> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/jobs/post_setup_instructions_job.rb</span> <span class="k">class</span> <span class="nc">PostSetupInstructionsJob</span> <span class="o">&lt;</span> <span class="no">ApplicationJob</span> <span class="n">queue_as</span> <span class="ss">:default</span> <span class="k">def</span> <span class="nf">perform</span> <span class="nb">puts</span> <span class="s2">"</span><span class="se">\n</span><span class="s2">== Setup complete! 🎉 =="</span> <span class="nb">puts</span> <span class="s2">"</span><span class="se">\n</span><span class="s2">👉 Run </span><span class="se">\"</span><span class="s2">rails s</span><span class="se">\"</span><span class="s2"> to start the development server."</span> <span class="nb">puts</span> <span class="s2">"</span><span class="se">\n</span><span class="s2">== You can login with the following account =="</span> <span class="nb">puts</span> <span class="s2">"</span><span class="se">\n</span><span class="s2">🔗 </span><span class="si">#{</span><span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">url_helpers</span><span class="p">.</span><span class="nf">new_user_session_url</span><span class="p">(</span><span class="ss">host: </span><span class="s2">"localhost"</span><span class="p">,</span> <span class="ss">port: </span><span class="mi">3000</span><span class="p">)</span><span class="si">}</span><span class="s2">"</span> <span class="nb">puts</span> <span class="s2">"</span><span class="se">\📧</span><span class="s2"> Email: </span><span class="si">#{</span><span class="no">DatabaseSeederJob</span><span class="o">::</span><span class="no">DEFAULT_USER_EMAIL</span><span class="si">}</span><span class="s2">"</span> <span class="nb">puts</span> <span class="s2">"</span><span class="se">\🔐</span><span class="s2"> Password: </span><span class="si">#{</span><span class="no">DatabaseSeederJob</span><span class="o">::</span><span class="no">DEFAULT_USER_PASSWORD</span><span class="si">}</span><span class="s2">"</span> <span class="nb">puts</span> <span class="s2">"</span><span class="se">\n</span><span class="s2">"</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/tasks/post_setup_instructions.rake</span> <span class="n">namespace</span> <span class="ss">:post_setup_instructions</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"Prints instructions once setup is complete."</span> <span class="n">task</span> <span class="ss">perform: :environment</span> <span class="k">do</span> <span class="no">PostSetupInstructionsJob</span><span class="p">.</span><span class="nf">perform_now</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight diff"><code><span class="gd">--- a/bin/setup </span><span class="gi">+++ b/bin/setup </span><span class="p">@@ -30,4 +30,6 @@</span> FileUtils.chdir APP_ROOT do puts "\n== Restarting application server ==" system! "bin/rails restart" <span class="gi">+ + system! "bin/rails post_setup_instructions:perform" </span> end </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We create <code>PostSetupInstructionsJob</code> to print out the instructions for accessing our application. This allows us to access the constants we created in step 2. <ul> <li>Note that we have to call <code>Rails.application.routes.url_helpers</code> to gain access to the <a href="https://api.rubyonrails.org//classes/ActionDispatch/Routing/UrlFor.html#method-i-url_for">url_for</a> method.</li> <li>You'll also note that we pass in a <code>host</code> and <code>port</code> as options to avoid raising a <code>Missing host to link to!</code> error.</li> </ul> </li> <li>We create a <code>post_setup_instructions</code> <a href="https://guides.rubyonrails.org/command_line.html#custom-rake-tasks">task</a> the calls the <code>PostSetupInstructionsJob</code>. This is so we can call it from <code>./bin/setup</code>.</li> </ul> </blockquote> tutorial rails Rails Authentication From Scratch (A Complete Guide) Steve Polito Tue, 04 Jan 2022 13:33:53 +0000 https://dev.to/stevepolitodesign/rails-authentication-from-scratch-38m2 https://dev.to/stevepolitodesign/rails-authentication-from-scratch-38m2 <p>If you're like me then you probably take Devise for granted because you're too intimidated to roll your own authentication system. As powerful as Devise is, it's not perfect. There are plenty of cases where I've reached for it only to end up constrained by its features and design, and wished I could customize it exactly to my liking.</p> <p>Fortunately, Rails gives you all the tools you need to roll your own authentication system from scratch without needing to depend on a gem. The challenge is just knowing how to account for edge cases while being cognizant of security and best practices.</p> <h2> Previous Versions </h2> <p>This guide is continuously updated to account for best practices. You can <a href="https://github.com/stevepolitodesign/rails-authentication-from-scratch/releases">view previous releases here</a>.</p> <h2> Step 1: Build User Model </h2> <ol> <li>Generate User model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails g model User email:string </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># db/migrate/[timestamp]_create_users.rb</span> <span class="k">class</span> <span class="nc">CreateUsers</span> <span class="o">&lt;</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">Migration</span><span class="p">[</span><span class="mf">6.1</span><span class="p">]</span> <span class="k">def</span> <span class="nf">change</span> <span class="n">create_table</span> <span class="ss">:users</span> <span class="k">do</span> <span class="o">|</span><span class="n">t</span><span class="o">|</span> <span class="n">t</span><span class="p">.</span><span class="nf">string</span> <span class="ss">:email</span><span class="p">,</span> <span class="ss">null: </span><span class="kp">false</span> <span class="n">t</span><span class="p">.</span><span class="nf">timestamps</span> <span class="k">end</span> <span class="n">add_index</span> <span class="ss">:users</span><span class="p">,</span> <span class="ss">:email</span><span class="p">,</span> <span class="ss">unique: </span><span class="kp">true</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Run migrations. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails db:migrate </code></pre> </div> <ol> <li>Add validations and callbacks. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/user.rb</span> <span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="n">before_save</span> <span class="ss">:downcase_email</span> <span class="n">validates</span> <span class="ss">:email</span><span class="p">,</span> <span class="ss">format: </span><span class="p">{</span><span class="ss">with: </span><span class="no">URI</span><span class="o">::</span><span class="no">MailTo</span><span class="o">::</span><span class="no">EMAIL_REGEXP</span><span class="p">},</span> <span class="ss">presence: </span><span class="kp">true</span><span class="p">,</span> <span class="ss">uniqueness: </span><span class="kp">true</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">downcase_email</span> <span class="nb">self</span><span class="p">.</span><span class="nf">email</span> <span class="o">=</span> <span class="n">email</span><span class="p">.</span><span class="nf">downcase</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We prevent empty values from being saved into the email column through a <code>null: false</code> constraint in addition to the <a href="https://guides.rubyonrails.org/active_record_validations.html#presence">presence</a> validation.</li> <li>We enforce unique email addresses at the database level through <code>add_index :users, :email, unique: true</code> in addition to a <a href="https://guides.rubyonrails.org/active_record_validations.html#uniqueness">uniqueness</a> validation.</li> <li>We ensure all emails are valid through a <a href="https://guides.rubyonrails.org/active_record_validations.html#format">format</a> validation.</li> <li>We save all emails to the database in a downcase format via a <a href="https://api.rubyonrails.org/v6.1.4/classes/ActiveRecord/Callbacks/ClassMethods.html#method-i-before_save">before_save</a> callback such that the values are saved in a consistent format.</li> <li>We use <a href="https://ruby-doc.org/stdlib-3.0.0/libdoc/uri/rdoc/URI/MailTo.html">URI::MailTo::EMAIL_REGEXP</a> that comes with Ruby to validate that the email address is properly formatted.</li> </ul> </blockquote> <h2> Step 2: Add Confirmation and Password Columns to Users Table </h2> <ol> <li>Create migration. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails g migration add_confirmation_and_password_columns_to_users confirmed_at:datetime password_digest:string </code></pre> </div> <ol> <li>Update the migration. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># db/migrate/[timestamp]_add_confirmation_and_password_columns_to_users.rb</span> <span class="k">class</span> <span class="nc">AddConfirmationAndPasswordColumnsToUsers</span> <span class="o">&lt;</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">Migration</span><span class="p">[</span><span class="mf">6.1</span><span class="p">]</span> <span class="k">def</span> <span class="nf">change</span> <span class="n">add_column</span> <span class="ss">:users</span><span class="p">,</span> <span class="ss">:confirmed_at</span><span class="p">,</span> <span class="ss">:datetime</span> <span class="n">add_column</span> <span class="ss">:users</span><span class="p">,</span> <span class="ss">:password_digest</span><span class="p">,</span> <span class="ss">:string</span><span class="p">,</span> <span class="ss">null: </span><span class="kp">false</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>The <code>confirmed_at</code> column will be set when a user confirms their account. This will help us determine who has confirmed their account and who has not.</li> <li>The <code>password_digest</code> column will store a hashed version of the user's password. This is provided by the <a href="https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password">has_secure_password</a> method.</li> </ul> </blockquote> <ol> <li>Run migrations. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails db:migrate </code></pre> </div> <ol> <li>Enable and install BCrypt.</li> </ol> <p>This is needed to use <code>has_secure_password</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># Gemfile</span> <span class="n">gem</span> <span class="s1">'bcrypt'</span><span class="p">,</span> <span class="s1">'~&gt; 3.1.7'</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>bundle install </code></pre> </div> <ol> <li>Update the User Model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/user.rb</span> <span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="no">CONFIRMATION_TOKEN_EXPIRATION</span> <span class="o">=</span> <span class="mi">10</span><span class="p">.</span><span class="nf">minutes</span> <span class="n">has_secure_password</span> <span class="n">before_save</span> <span class="ss">:downcase_email</span> <span class="n">validates</span> <span class="ss">:email</span><span class="p">,</span> <span class="ss">format: </span><span class="p">{</span><span class="ss">with: </span><span class="no">URI</span><span class="o">::</span><span class="no">MailTo</span><span class="o">::</span><span class="no">EMAIL_REGEXP</span><span class="p">},</span> <span class="ss">presence: </span><span class="kp">true</span><span class="p">,</span> <span class="ss">uniqueness: </span><span class="kp">true</span> <span class="k">def</span> <span class="nf">confirm!</span> <span class="n">update_columns</span><span class="p">(</span><span class="ss">confirmed_at: </span><span class="no">Time</span><span class="p">.</span><span class="nf">current</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">confirmed?</span> <span class="n">confirmed_at</span><span class="p">.</span><span class="nf">present?</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">generate_confirmation_token</span> <span class="n">signed_id</span> <span class="ss">expires_in: </span><span class="no">CONFIRMATION_TOKEN_EXPIRATION</span><span class="p">,</span> <span class="ss">purpose: :confirm_email</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">unconfirmed?</span> <span class="o">!</span><span class="n">confirmed?</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">downcase_email</span> <span class="nb">self</span><span class="p">.</span><span class="nf">email</span> <span class="o">=</span> <span class="n">email</span><span class="p">.</span><span class="nf">downcase</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>The <code>has_secure_password</code> method is added to give us an <a href="https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password">API</a> to work with the <code>password_digest</code> column.</li> <li>The <code>confirm!</code> method will be called when a user confirms their email address. We still need to build this feature.</li> <li>The <code>confirmed?</code> and <code>unconfirmed?</code> methods allow us to tell whether a user has confirmed their email address or not.</li> <li>The <code>generate_confirmation_token</code> method creates a <a href="https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html#method-i-signed_id">signed_id</a> that will be used to securely identify the user. For added security, we ensure that this ID will expire in 10 minutes (this can be controlled with the <code>CONFIRMATION_TOKEN_EXPIRATION</code> constant) and give it an explicit purpose of <code>:confirm_email</code>. This will be useful when we build the confirmation mailer.</li> </ul> </blockquote> <h2> Step 3: Create Sign Up Pages </h2> <ol> <li>Create a simple home page since we'll need a place to redirect users to after they sign up. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g controller StaticPages home </code></pre> </div> <ol> <li>Create Users Controller. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g controller Users </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/users_controller.rb</span> <span class="k">class</span> <span class="nc">UsersController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">create</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="n">user_params</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">save</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Please check your email for confirmation instructions."</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">:new</span><span class="p">,</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">new</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">new</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">user_params</span> <span class="n">params</span><span class="p">.</span><span class="nf">require</span><span class="p">(</span><span class="ss">:user</span><span class="p">).</span><span class="nf">permit</span><span class="p">(</span><span class="ss">:email</span><span class="p">,</span> <span class="ss">:password</span><span class="p">,</span> <span class="ss">:password_confirmation</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Build sign-up form. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- app/views/shared/_form_errors.html.erb --&gt; &lt;% if object.errors.any? %&gt; &lt;ul&gt; &lt;% object.errors.full_messages.each do |message| %&gt; &lt;li&gt;&lt;%= message %&gt;&lt;/li&gt; &lt;% end %&gt; &lt;/ul&gt; &lt;% end %&gt; </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- app/views/users/new.html.erb --&gt; &lt;%= form_with model: @user, url: sign_up_path do |form| %&gt; &lt;%= render partial: "shared/form_errors", locals: { object: form.object } %&gt; &lt;div&gt; &lt;%= form.label :email %&gt; &lt;%= form.email_field :email, required: true %&gt; &lt;/div&gt; &lt;div&gt; &lt;%= form.label :password %&gt; &lt;%= form.password_field :password, required: true %&gt; &lt;/div&gt; &lt;div&gt; &lt;%= form.label :password_confirmation %&gt; &lt;%= form.password_field :password_confirmation, required: true %&gt; &lt;/div&gt; &lt;%= form.submit "Sign Up" %&gt; &lt;% end %&gt; </code></pre> </div> <ol> <li>Update routes. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="n">root</span> <span class="s2">"static_pages#home"</span> <span class="n">post</span> <span class="s2">"sign_up"</span><span class="p">,</span> <span class="ss">to: </span><span class="s2">"users#create"</span> <span class="n">get</span> <span class="s2">"sign_up"</span><span class="p">,</span> <span class="ss">to: </span><span class="s2">"users#new"</span> <span class="k">end</span> </code></pre> </div> <h2> Step 4: Create Confirmation Pages </h2> <p>Users now have a way to sign up, but we need to verify their email address to prevent SPAM.</p> <ol> <li>Create Confirmations Controller. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g controller Confirmations </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/confirmations_controller.rb</span> <span class="k">class</span> <span class="nc">ConfirmationsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">create</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">email: </span><span class="n">params</span><span class="p">[</span><span class="ss">:user</span><span class="p">][</span><span class="ss">:email</span><span class="p">].</span><span class="nf">downcase</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">present?</span> <span class="o">&amp;&amp;</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">unconfirmed?</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Check your email for confirmation instructions."</span> <span class="k">else</span> <span class="n">redirect_to</span> <span class="n">new_confirmation_path</span><span class="p">,</span> <span class="ss">alert: </span><span class="s2">"We could not find a user with that email or that email has already been confirmed."</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">edit</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_signed</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:confirmation_token</span><span class="p">],</span> <span class="ss">purpose: :confirm_email</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">present?</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">confirm!</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Your account has been confirmed."</span> <span class="k">else</span> <span class="n">redirect_to</span> <span class="n">new_confirmation_path</span><span class="p">,</span> <span class="ss">alert: </span><span class="s2">"Invalid token."</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">new</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">new</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Build confirmation pages.</li> </ol> <p>This page will be used in the case where a user did not receive their confirmation instructions and needs to have them resent.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- app/views/confirmations/new.html.erb --&gt; &lt;%= form_with model: @user, url: confirmations_path do |form| %&gt; &lt;%= form.email_field :email, required: true %&gt; &lt;%= form.submit "Confirm Email" %&gt; &lt;% end %&gt; </code></pre> </div> <ol> <li>Update routes. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="o">...</span> <span class="n">resources</span> <span class="ss">:confirmations</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:create</span><span class="p">,</span> <span class="ss">:edit</span><span class="p">,</span> <span class="ss">:new</span><span class="p">],</span> <span class="ss">param: :confirmation_token</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>The <code>create</code> action will be used to resend confirmation instructions to an unconfirmed user. We still need to build this mailer, and we still need to send this mailer when a user initially signs up. This action will be requested via the form on <code>app/views/confirmations/new.html.erb</code>. Note that we call <code>downcase</code> on the email to account for case sensitivity when searching.</li> <li>The <code>edit</code> action is used to confirm a user's email. This will be the page that a user lands on when they click the confirmation link in their email. We still need to build this. Note that we're looking up a user through the <a href="https://api.rubyonrails.org/classes/ActiveRecord/SignedId/ClassMethods.html#method-i-find_signed">find_signed</a> method and not their email or ID. This is because The <code>confirmation_token</code> is randomly generated and can't be guessed or tampered with unlike an email or numeric ID. This is also why we added <code>param: :confirmation_token</code> as a <a href="https://guides.rubyonrails.org/routing.html#overriding-named-route-parameters">named route parameter</a>. <ul> <li>You'll remember that the <code>confirmation_token</code> is a <a href="https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html#method-i-signed_id">signed_id</a>, and is set to expire in 10 minutes. You'll also note that we need to pass the method <code>purpose: :confirm_email</code> to be consistent with the purpose that was set in the <code>generate_confirmation_token</code> method. </li> </ul> </li> </ul> </blockquote> <h2> Step 5: Create Confirmation Mailer </h2> <p>Now we need a way to send a confirmation email to our users for them to actually confirm their accounts.</p> <ol> <li>Create a confirmation mailer. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails g mailer User confirmation </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/mailers/user_mailer.rb</span> <span class="k">class</span> <span class="nc">UserMailer</span> <span class="o">&lt;</span> <span class="no">ApplicationMailer</span> <span class="n">default</span> <span class="ss">from: </span><span class="no">User</span><span class="o">::</span><span class="no">MAILER_FROM_EMAIL</span> <span class="k">def</span> <span class="nf">confirmation</span><span class="p">(</span><span class="n">user</span><span class="p">,</span> <span class="n">confirmation_token</span><span class="p">)</span> <span class="vi">@user</span> <span class="o">=</span> <span class="n">user</span> <span class="vi">@confirmation_token</span> <span class="o">=</span> <span class="n">confirmation_token</span> <span class="n">mail</span> <span class="ss">to: </span><span class="vi">@user</span><span class="p">.</span><span class="nf">email</span><span class="p">,</span> <span class="ss">subject: </span><span class="s2">"Confirmation Instructions"</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- app/views/user_mailer/confirmation.html.erb --&gt; &lt;h1&gt;Confirmation Instructions&lt;/h1&gt; &lt;%= link_to "Click here to confirm your email.", edit_confirmation_url(@confirmation_token) %&gt; </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- app/views/user_mailer/confirmation.text.erb --&gt; Confirmation Instructions &lt;%= edit_confirmation_url(@confirmation_token) %&gt; </code></pre> </div> <ol> <li>Update User Model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/user.rb</span> <span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="o">...</span> <span class="no">MAILER_FROM_EMAIL</span> <span class="o">=</span> <span class="s2">"no-reply@example.com"</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">send_confirmation_email!</span> <span class="n">confirmation_token</span> <span class="o">=</span> <span class="n">generate_confirmation_token</span> <span class="no">UserMailer</span><span class="p">.</span><span class="nf">confirmation</span><span class="p">(</span><span class="nb">self</span><span class="p">,</span> <span class="n">confirmation_token</span><span class="p">).</span><span class="nf">deliver_now</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>The <code>MAILER_FROM_EMAIL</code> constant is a way for us to set the email used in the <code>UserMailer</code>. This is optional.</li> <li>The <code>send_confirmation_email!</code> method will create a new <code>confirmation_token</code>. This is to ensure confirmation links expire and cannot be reused. It will also send the confirmation email to the user.</li> <li>We call <a href="https://api.rubyonrails.org/classes/ActiveRecord/Persistence.html#method-i-update_columns">update_columns</a> so that the <code>updated_at/updated_on</code> columns are not updated. This is personal preference, but those columns should typically only be updated when the user updates their email or password.</li> <li>The links in the mailer will take the user to <code>ConfirmationsController#edit</code> at which point they'll be confirmed.</li> </ul> </blockquote> <ol> <li>Configure Action Mailer so that links work locally.</li> </ol> <p>Add a host to the test and development (and later the production) environments so that <a href="https://guides.rubyonrails.org/action_mailer_basics.html#generating-urls-in-action-mailer-views">urls will work in mailers</a>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/environments/test.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">configure</span> <span class="k">do</span> <span class="o">...</span> <span class="n">config</span><span class="p">.</span><span class="nf">action_mailer</span><span class="p">.</span><span class="nf">default_url_options</span> <span class="o">=</span> <span class="p">{</span> <span class="ss">host: </span><span class="s2">"example.com"</span> <span class="p">}</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/environments/development.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">configure</span> <span class="k">do</span> <span class="o">...</span> <span class="n">config</span><span class="p">.</span><span class="nf">action_mailer</span><span class="p">.</span><span class="nf">default_url_options</span> <span class="o">=</span> <span class="p">{</span> <span class="ss">host: </span><span class="s2">"localhost"</span><span class="p">,</span> <span class="ss">port: </span><span class="mi">3000</span> <span class="p">}</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Update Controllers.</li> </ol> <p>Now we can send a confirmation email when a user signs up or if they need to have it resent.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/confirmations_controller.rb</span> <span class="k">class</span> <span class="nc">ConfirmationsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">create</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">email: </span><span class="n">params</span><span class="p">[</span><span class="ss">:user</span><span class="p">][</span><span class="ss">:email</span><span class="p">].</span><span class="nf">downcase</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">present?</span> <span class="o">&amp;&amp;</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">unconfirmed?</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">send_confirmation_email!</span> <span class="o">...</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/users_controller.rb</span> <span class="k">class</span> <span class="nc">UsersController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">create</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="n">user_params</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">save</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">send_confirmation_email!</span> <span class="o">...</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Step 6: Create Current Model and Authentication Concern </h2> <ol> <li>Create a model to store the current user. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/current.rb</span> <span class="k">class</span> <span class="nc">Current</span> <span class="o">&lt;</span> <span class="no">ActiveSupport</span><span class="o">::</span><span class="no">CurrentAttributes</span> <span class="n">attribute</span> <span class="ss">:user</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Create a Concern to store helper methods that will be shared across the application. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/concerns/authentication.rb</span> <span class="k">module</span> <span class="nn">Authentication</span> <span class="kp">extend</span> <span class="no">ActiveSupport</span><span class="o">::</span><span class="no">Concern</span> <span class="n">included</span> <span class="k">do</span> <span class="n">before_action</span> <span class="ss">:current_user</span> <span class="n">helper_method</span> <span class="ss">:current_user</span> <span class="n">helper_method</span> <span class="ss">:user_signed_in?</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">login</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="n">reset_session</span> <span class="n">session</span><span class="p">[</span><span class="ss">:current_user_id</span><span class="p">]</span> <span class="o">=</span> <span class="n">user</span><span class="p">.</span><span class="nf">id</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">logout</span> <span class="n">reset_session</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">redirect_if_authenticated</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">alert: </span><span class="s2">"You are already logged in."</span> <span class="k">if</span> <span class="n">user_signed_in?</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">current_user</span> <span class="no">Current</span><span class="p">.</span><span class="nf">user</span> <span class="o">||=</span> <span class="n">session</span><span class="p">[</span><span class="ss">:current_user_id</span><span class="p">]</span> <span class="o">&amp;&amp;</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">id: </span><span class="n">session</span><span class="p">[</span><span class="ss">:current_user_id</span><span class="p">])</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">user_signed_in?</span> <span class="no">Current</span><span class="p">.</span><span class="nf">user</span><span class="p">.</span><span class="nf">present?</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Load the Authentication Concern into the Application Controller. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/application_controller.rb</span> <span class="k">class</span> <span class="nc">ApplicationController</span> <span class="o">&lt;</span> <span class="no">ActionController</span><span class="o">::</span><span class="no">Base</span> <span class="kp">include</span> <span class="no">Authentication</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>The <code>Current</code> class inherits from <a href="https://api.rubyonrails.org/classes/ActiveSupport/CurrentAttributes.html">ActiveSupport::CurrentAttributes</a> which allows us to keep all per-request attributes easily available to the whole system. In essence, this will allow us to set a current user and have access to that user during each request to the server.</li> <li>The <code>Authentication</code> Concern provides an interface for logging the user in and out. We load it into the <code>ApplicationController</code> so that it will be used across the whole application. <ul> <li>The <code>login</code> method first <a href="https://api.rubyonrails.org/classes/ActionController/Metal.html#method-i-reset_session">resets the session</a> to account for <a href="https://guides.rubyonrails.org/security.html#session-fixation-countermeasures">session fixation</a>.</li> <li>We set the user's ID in the <a href="https://guides.rubyonrails.org/action_controller_overview.html#session">session</a> so that we can have access to the user across requests. The user's ID won't be stored in plain text. The cookie data is cryptographically signed to make it tamper-proof. And it is also encrypted so anyone with access to it can't read its contents.</li> <li>The <code>logout</code> method simply <a href="https://api.rubyonrails.org/classes/ActionController/Metal.html#method-i-reset_session">resets the session</a>.</li> <li>The <code>redirect_if_authenticated</code> method checks to see if the user is logged in. If they are, they'll be redirected to the <code>root_path</code>. This will be useful on pages an authenticated user should not be able to access, such as the login page.</li> <li>The <code>current_user</code> method returns a <code>User</code> and sets it as the user on the <code>Current</code> class we created. We use <a href="https://www.honeybadger.io/blog/ruby-rails-memoization/">memoization</a> to avoid fetching the User each time we call the method. We call the <code>before_action</code> <a href="https://guides.rubyonrails.org/action_controller_overview.html#filters">filter</a> so that we have access to the current user before each request. We also add this as a <a href="https://api.rubyonrails.org/classes/AbstractController/Helpers/ClassMethods.html#method-i-helper_method">helper_method</a> so that we have access to <code>current_user</code> in the views.</li> <li>The <code>user_signed_in?</code> method simply returns true or false depending on whether the user is signed in or not. This is helpful for conditionally rendering items in views.</li> </ul> </li> </ul> </blockquote> <h2> Step 7: Create Login Page </h2> <ol> <li>Generate Sessions Controller. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails g controller Sessions </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/sessions_controller.rb</span> <span class="k">class</span> <span class="nc">SessionsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">before_action</span> <span class="ss">:redirect_if_authenticated</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:create</span><span class="p">,</span> <span class="ss">:new</span><span class="p">]</span> <span class="k">def</span> <span class="nf">create</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">email: </span><span class="n">params</span><span class="p">[</span><span class="ss">:user</span><span class="p">][</span><span class="ss">:email</span><span class="p">].</span><span class="nf">downcase</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@user</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">unconfirmed?</span> <span class="n">redirect_to</span> <span class="n">new_confirmation_path</span><span class="p">,</span> <span class="ss">alert: </span><span class="s2">"Incorrect email or password."</span> <span class="k">elsif</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">authenticate</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:user</span><span class="p">][</span><span class="ss">:password</span><span class="p">])</span> <span class="n">login</span> <span class="vi">@user</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Signed in."</span> <span class="k">else</span> <span class="n">flash</span><span class="p">.</span><span class="nf">now</span><span class="p">[</span><span class="ss">:alert</span><span class="p">]</span> <span class="o">=</span> <span class="s2">"Incorrect email or password."</span> <span class="n">render</span> <span class="ss">:new</span><span class="p">,</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">else</span> <span class="n">flash</span><span class="p">.</span><span class="nf">now</span><span class="p">[</span><span class="ss">:alert</span><span class="p">]</span> <span class="o">=</span> <span class="s2">"Incorrect email or password."</span> <span class="n">render</span> <span class="ss">:new</span><span class="p">,</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy</span> <span class="n">logout</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Signed out."</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">new</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Update routes. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="o">...</span> <span class="n">post</span> <span class="s2">"login"</span><span class="p">,</span> <span class="ss">to: </span><span class="s2">"sessions#create"</span> <span class="n">delete</span> <span class="s2">"logout"</span><span class="p">,</span> <span class="ss">to: </span><span class="s2">"sessions#destroy"</span> <span class="n">get</span> <span class="s2">"login"</span><span class="p">,</span> <span class="ss">to: </span><span class="s2">"sessions#new"</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Add sign-in form. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- app/views/sessions/new.html.erb --&gt; &lt;%= form_with url: login_path, scope: :user do |form| %&gt; &lt;div&gt; &lt;%= form.label :email %&gt; &lt;%= form.email_field :email, required: true %&gt; &lt;/div&gt; &lt;div&gt; &lt;%= form.label :password %&gt; &lt;%= form.password_field :password, required: true %&gt; &lt;/div&gt; &lt;%= form.submit "Sign In" %&gt; &lt;% end %&gt; </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>The <code>create</code> method simply checks if the user exists and is confirmed. If they are, then we check their password. If the password is correct, we log them in via the <code>login</code> method we created in the <code>Authentication</code> Concern. Otherwise, we render an alert. <ul> <li>We're able to call <code>user.authenticate</code> because of <a href="https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password">has_secure_password</a> </li> <li>Note that we call <code>downcase</code> on the email to account for case sensitivity when searching.</li> <li>Note that we set the flash to "Incorrect email or password." if the user is unconfirmed. This prevents leaking email addresses.</li> </ul> </li> <li>The <code>destroy</code> method simply calls the <code>logout</code> method we created in the <code>Authentication</code> Concern.</li> <li>The login form is passed a <code>scope: :user</code> option so that the params are namespaced as <code>params[:user][:some_value]</code>. This is not required, but it helps keep things organized.</li> </ul> </blockquote> <h2> Step 8: Update Existing Controllers </h2> <ol> <li>Update Controllers to prevent authenticated users from accessing pages intended for anonymous users. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/confirmations_controller.rb</span> <span class="k">class</span> <span class="nc">ConfirmationsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">before_action</span> <span class="ss">:redirect_if_authenticated</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:create</span><span class="p">,</span> <span class="ss">:new</span><span class="p">]</span> <span class="k">def</span> <span class="nf">edit</span> <span class="o">...</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">present?</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">confirm!</span> <span class="n">login</span> <span class="vi">@user</span> <span class="o">...</span> <span class="k">else</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Note that we also call <code>login @user</code> once a user is confirmed. That way they'll be automatically logged in after confirming their email.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/users_controller.rb</span> <span class="k">class</span> <span class="nc">UsersController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">before_action</span> <span class="ss">:redirect_if_authenticated</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:create</span><span class="p">,</span> <span class="ss">:new</span><span class="p">]</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <h2> Step 9: Add Password Reset Functionality </h2> <ol> <li>Update User Model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/user.rb</span> <span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="o">...</span> <span class="no">PASSWORD_RESET_TOKEN_EXPIRATION</span> <span class="o">=</span> <span class="mi">10</span><span class="p">.</span><span class="nf">minutes</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">generate_password_reset_token</span> <span class="n">signed_id</span> <span class="ss">expires_in: </span><span class="no">PASSWORD_RESET_TOKEN_EXPIRATION</span><span class="p">,</span> <span class="ss">purpose: :reset_password</span> <span class="k">end</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">send_password_reset_email!</span> <span class="n">password_reset_token</span> <span class="o">=</span> <span class="n">generate_password_reset_token</span> <span class="no">UserMailer</span><span class="p">.</span><span class="nf">password_reset</span><span class="p">(</span><span class="nb">self</span><span class="p">,</span> <span class="n">password_reset_token</span><span class="p">).</span><span class="nf">deliver_now</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Update User Mailer. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/mailers/user_mailer.rb</span> <span class="k">class</span> <span class="nc">UserMailer</span> <span class="o">&lt;</span> <span class="no">ApplicationMailer</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">password_reset</span><span class="p">(</span><span class="n">user</span><span class="p">,</span> <span class="n">password_reset_token</span><span class="p">)</span> <span class="vi">@user</span> <span class="o">=</span> <span class="n">user</span> <span class="vi">@password_reset_token</span> <span class="o">=</span> <span class="n">password_reset_token</span> <span class="n">mail</span> <span class="ss">to: </span><span class="vi">@user</span><span class="p">.</span><span class="nf">email</span><span class="p">,</span> <span class="ss">subject: </span><span class="s2">"Password Reset Instructions"</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- app/views/user_mailer/password_reset.html.erb --&gt; &lt;h1&gt;Password Reset Instructions&lt;/h1&gt; &lt;%= link_to "Click here to reset your password.", edit_password_url(@password_reset_token) %&gt; </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- app/views/user_mailer/password_reset.text.erb --&gt; Password Reset Instructions &lt;%= edit_password_url(@password_reset_token) %&gt; </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>The <code>generate_password_reset_token</code> method creates a <a href="https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html#method-i-signed_id">signed_id</a> that will be used to securely identify the user. For added security, we ensure that this ID will expire in 10 minutes (this can be controlled with the <code>PASSWORD_RESET_TOKEN_EXPIRATION</code> constant) and give it an explicit purpose of <code>:reset_password</code>.</li> <li>The <code>send_password_reset_email!</code> method will create a new <code>password_reset_token</code>. This is to ensure password reset links expire and cannot be reused. It will also send the password reset email to the user.</li> </ul> </blockquote> <h2> Step 10: Build Password Reset Forms </h2> <ol> <li>Create Passwords Controller. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails g controller Passwords </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/passwords_controller.rb</span> <span class="k">class</span> <span class="nc">PasswordsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">before_action</span> <span class="ss">:redirect_if_authenticated</span> <span class="k">def</span> <span class="nf">create</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">email: </span><span class="n">params</span><span class="p">[</span><span class="ss">:user</span><span class="p">][</span><span class="ss">:email</span><span class="p">].</span><span class="nf">downcase</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">present?</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">confirmed?</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">send_password_reset_email!</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"If that user exists we've sent instructions to their email."</span> <span class="k">else</span> <span class="n">redirect_to</span> <span class="n">new_confirmation_path</span><span class="p">,</span> <span class="ss">alert: </span><span class="s2">"Please confirm your email first."</span> <span class="k">end</span> <span class="k">else</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"If that user exists we've sent instructions to their email."</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">edit</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_signed</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:password_reset_token</span><span class="p">],</span> <span class="ss">purpose: :reset_password</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">present?</span> <span class="o">&amp;&amp;</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">unconfirmed?</span> <span class="n">redirect_to</span> <span class="n">new_confirmation_path</span><span class="p">,</span> <span class="ss">alert: </span><span class="s2">"You must confirm your email before you can sign in."</span> <span class="k">elsif</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">nil?</span> <span class="n">redirect_to</span> <span class="n">new_password_path</span><span class="p">,</span> <span class="ss">alert: </span><span class="s2">"Invalid or expired token."</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">new</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">update</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_signed</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:password_reset_token</span><span class="p">],</span> <span class="ss">purpose: :reset_password</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@user</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">unconfirmed?</span> <span class="n">redirect_to</span> <span class="n">new_confirmation_path</span><span class="p">,</span> <span class="ss">alert: </span><span class="s2">"You must confirm your email before you can sign in."</span> <span class="k">elsif</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="n">password_params</span><span class="p">)</span> <span class="n">redirect_to</span> <span class="n">login_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Sign in."</span> <span class="k">else</span> <span class="n">flash</span><span class="p">.</span><span class="nf">now</span><span class="p">[</span><span class="ss">:alert</span><span class="p">]</span> <span class="o">=</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">errors</span><span class="p">.</span><span class="nf">full_messages</span><span class="p">.</span><span class="nf">to_sentence</span> <span class="n">render</span> <span class="ss">:edit</span><span class="p">,</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">else</span> <span class="n">flash</span><span class="p">.</span><span class="nf">now</span><span class="p">[</span><span class="ss">:alert</span><span class="p">]</span> <span class="o">=</span> <span class="s2">"Invalid or expired token."</span> <span class="n">render</span> <span class="ss">:new</span><span class="p">,</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">password_params</span> <span class="n">params</span><span class="p">.</span><span class="nf">require</span><span class="p">(</span><span class="ss">:user</span><span class="p">).</span><span class="nf">permit</span><span class="p">(</span><span class="ss">:password</span><span class="p">,</span> <span class="ss">:password_confirmation</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>The <code>create</code> action will send an email to the user containing a link that will allow them to reset the password. The link will contain their <code>password_reset_token</code> which is unique and expires. Note that we call <code>downcase</code> on the email to account for case sensitivity when searching. <ul> <li>You'll remember that the <code>password_reset_token</code> is a <a href="https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html#method-i-signed_id">signed_id</a>, and is set to expire in 10 minutes. You'll also note that we need to pass the method <code>purpose: :reset_password</code> to be consistent with the purpose that was set in the <code>generate_password_reset_token</code> method. </li> <li>Note that we return <code>Invalid or expired token.</code> if the user is not found. This makes it difficult for a bad actor to use the reset form to see which email accounts exist on the application.</li> </ul> </li> <li>The <code>edit</code> action simply renders the form for the user to update their password. It attempts to find a user by their <code>password_reset_token</code>. You can think of the <code>password_reset_token</code> as a way to identify the user much like how we normally identify records by their ID. However, the <code>password_reset_token</code> is randomly generated and will expire so it's more secure.</li> <li>The <code>new</code> action simply renders a form for the user to put their email address in to receive the password reset email.</li> <li>The <code>update</code> also ensures the user is identified by their <code>password_reset_token</code>. It's not enough to just do this on the <code>edit</code> action since a bad actor could make a <code>PUT</code> request to the server and bypass the form. <ul> <li>If the user exists and is confirmed we update their password to the one they will set in the form. Otherwise, we handle each failure case differently.</li> </ul> </li> </ul> </blockquote> <ol> <li>Update Routes. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="o">...</span> <span class="n">resources</span> <span class="ss">:passwords</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:create</span><span class="p">,</span> <span class="ss">:edit</span><span class="p">,</span> <span class="ss">:new</span><span class="p">,</span> <span class="ss">:update</span><span class="p">],</span> <span class="ss">param: :password_reset_token</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li> We add <code>param: :password_reset_token</code> as a <a href="https://guides.rubyonrails.org/routing.html#overriding-named-route-parameters">named route parameter</a> so that we can identify users by their <code>password_reset_token</code> and not <code>id</code>. This is similar to what we did with the confirmations routes and ensures a user cannot be identified by their ID.</li> </ul> </blockquote> <ol> <li>Build forms. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- app/views/passwords/new.html.erb --&gt; &lt;%= form_with url: passwords_path, scope: :user do |form| %&gt; &lt;%= form.email_field :email, required: true %&gt; &lt;%= form.submit "Reset Password" %&gt; &lt;% end %&gt; </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- app/views/passwords/edit.html.erb --&gt; &lt;%= form_with url: password_path(params[:password_reset_token]), scope: :user, method: :put do |form| %&gt; &lt;div&gt; &lt;%= form.label :password %&gt; &lt;%= form.password_field :password, required: true %&gt; &lt;/div&gt; &lt;div&gt; &lt;%= form.label :password_confirmation %&gt; &lt;%= form.password_field :password_confirmation, required: true %&gt; &lt;/div&gt; &lt;%= form.submit "Update Password" %&gt; &lt;% end %&gt; </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>The password reset form is passed a <code>scope: :user</code> option so that the params are namespaced as <code>params[:user][:some_value]</code>. This is not required, but it helps keep things organized.</li> </ul> </blockquote> <h2> Step 11: Add Unconfirmed Email Column To Users Table </h2> <ol> <li>Create and run migration. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails g migration add_unconfirmed_email_to_users unconfirmed_email:string rails db:migrate </code></pre> </div> <ol> <li>Update User Model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/user.rb</span> <span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="o">...</span> <span class="nb">attr_accessor</span> <span class="ss">:current_password</span> <span class="o">...</span> <span class="n">before_save</span> <span class="ss">:downcase_unconfirmed_email</span> <span class="o">...</span> <span class="n">validates</span> <span class="ss">:unconfirmed_email</span><span class="p">,</span> <span class="ss">format: </span><span class="p">{</span><span class="ss">with: </span><span class="no">URI</span><span class="o">::</span><span class="no">MailTo</span><span class="o">::</span><span class="no">EMAIL_REGEXP</span><span class="p">,</span> <span class="ss">allow_blank: </span><span class="kp">true</span><span class="p">}</span> <span class="k">def</span> <span class="nf">confirm!</span> <span class="k">if</span> <span class="n">unconfirmed_or_reconfirming?</span> <span class="k">if</span> <span class="n">unconfirmed_email</span><span class="p">.</span><span class="nf">present?</span> <span class="k">return</span> <span class="kp">false</span> <span class="k">unless</span> <span class="n">update</span><span class="p">(</span><span class="ss">email: </span><span class="n">unconfirmed_email</span><span class="p">,</span> <span class="ss">unconfirmed_email: </span><span class="kp">nil</span><span class="p">)</span> <span class="k">end</span> <span class="n">update_columns</span><span class="p">(</span><span class="ss">confirmed_at: </span><span class="no">Time</span><span class="p">.</span><span class="nf">current</span><span class="p">)</span> <span class="k">else</span> <span class="kp">false</span> <span class="k">end</span> <span class="k">end</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">confirmable_email</span> <span class="k">if</span> <span class="n">unconfirmed_email</span><span class="p">.</span><span class="nf">present?</span> <span class="n">unconfirmed_email</span> <span class="k">else</span> <span class="n">email</span> <span class="k">end</span> <span class="k">end</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">reconfirming?</span> <span class="n">unconfirmed_email</span><span class="p">.</span><span class="nf">present?</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">unconfirmed_or_reconfirming?</span> <span class="n">unconfirmed?</span> <span class="o">||</span> <span class="n">reconfirming?</span> <span class="k">end</span> <span class="kp">private</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">downcase_unconfirmed_email</span> <span class="k">return</span> <span class="k">if</span> <span class="n">unconfirmed_email</span><span class="p">.</span><span class="nf">nil?</span> <span class="nb">self</span><span class="p">.</span><span class="nf">unconfirmed_email</span> <span class="o">=</span> <span class="n">unconfirmed_email</span><span class="p">.</span><span class="nf">downcase</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We add a <code>unconfirmed_email</code> column to the <code>users</code> table so that we have a place to store the email a user is trying to use after their account has been confirmed with their original email.</li> <li>We add <code>attr_accessor :current_password</code> so that we'll be able to use <code>f.password_field :current_password</code> in the user form (which doesn't exist yet). This will allow us to require the user to submit their current password before they can update their account.</li> <li>We ensure to format the <code>unconfirmed_email</code> before saving it to the database. This ensures all data is saved consistently.</li> <li>We add validations to the <code>unconfirmed_email</code> column ensuring it's a valid email address.</li> <li>We update the <code>confirm!</code> method to set the <code>email</code> column to the value of the <code>unconfirmed_email</code> column, and then clear out the <code>unconfirmed_email</code> column. This will only happen if a user is trying to confirm a new email address. Note that we return <code>false</code> if updating the email address fails. This could happen if a user tries to confirm an email address that has already been confirmed. </li> <li>We add the <code>confirmable_email</code> method so that we can call the correct email in the updated <code>UserMailer</code>.</li> <li>We add <code>reconfirming?</code> and <code>unconfirmed_or_reconfirming?</code> to help us determine what state a user is in. This will come in handy later in our controllers.</li> </ul> </blockquote> <ol> <li>Update User Mailer. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/mailers/user_mailer.rb</span> <span class="k">class</span> <span class="nc">UserMailer</span> <span class="o">&lt;</span> <span class="no">ApplicationMailer</span> <span class="k">def</span> <span class="nf">confirmation</span><span class="p">(</span><span class="n">user</span><span class="p">,</span> <span class="n">confirmation_token</span><span class="p">)</span> <span class="o">...</span> <span class="n">mail</span> <span class="ss">to: </span><span class="vi">@user</span><span class="p">.</span><span class="nf">confirmable_email</span><span class="p">,</span> <span class="ss">subject: </span><span class="s2">"Confirmation Instructions"</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Update Confirmations Controller. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/confirmations_controller.rb</span> <span class="k">class</span> <span class="nc">ConfirmationsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">edit</span> <span class="o">...</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">present?</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">confirm!</span> <span class="n">login</span> <span class="vi">@user</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Your account has been confirmed."</span> <span class="k">else</span> <span class="n">redirect_to</span> <span class="n">new_confirmation_path</span><span class="p">,</span> <span class="ss">alert: </span><span class="s2">"Something went wrong."</span> <span class="k">end</span> <span class="k">else</span> <span class="o">...</span> <span class="k">end</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We update the <code>edit</code> method to account for the return value of <code>@user.confirm!</code>. If for some reason <code>@user.confirm!</code> returns <code>false</code> (which would most likely happen if the email has already been taken) then we render a generic error. This prevents leaking email addresses.</li> </ul> </blockquote> <h2> Step 12: Update Users Controller </h2> <ol> <li>Update Authentication Concern. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/concerns/authentication.rb</span> <span class="k">module</span> <span class="nn">Authentication</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">authenticate_user!</span> <span class="n">redirect_to</span> <span class="n">login_path</span><span class="p">,</span> <span class="ss">alert: </span><span class="s2">"You need to login to access that page."</span> <span class="k">unless</span> <span class="n">user_signed_in?</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>The <code>authenticate_user!</code> method can be called to ensure an anonymous user cannot access a page that requires a user to be logged in. We'll need this when we build the page allowing a user to edit or delete their profile.</li> </ul> </blockquote> <ol> <li>Add destroy, edit and update methods. Modify create method and user_params. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/users_controller.rb</span> <span class="k">class</span> <span class="nc">UsersController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">before_action</span> <span class="ss">:authenticate_user!</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:edit</span><span class="p">,</span> <span class="ss">:destroy</span><span class="p">,</span> <span class="ss">:update</span><span class="p">]</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">create</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="n">create_user_params</span><span class="p">)</span> <span class="o">...</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy</span> <span class="n">current_user</span><span class="p">.</span><span class="nf">destroy</span> <span class="n">reset_session</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Your account has been deleted."</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">edit</span> <span class="vi">@user</span> <span class="o">=</span> <span class="n">current_user</span> <span class="k">end</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">update</span> <span class="vi">@user</span> <span class="o">=</span> <span class="n">current_user</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">authenticate</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:user</span><span class="p">][</span><span class="ss">:current_password</span><span class="p">])</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="n">update_user_params</span><span class="p">)</span> <span class="k">if</span> <span class="n">params</span><span class="p">[</span><span class="ss">:user</span><span class="p">][</span><span class="ss">:unconfirmed_email</span><span class="p">].</span><span class="nf">present?</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">send_confirmation_email!</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Check your email for confirmation instructions."</span> <span class="k">else</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Account updated."</span> <span class="k">end</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">:edit</span><span class="p">,</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">else</span> <span class="n">flash</span><span class="p">.</span><span class="nf">now</span><span class="p">[</span><span class="ss">:error</span><span class="p">]</span> <span class="o">=</span> <span class="s2">"Incorrect password"</span> <span class="n">render</span> <span class="ss">:edit</span><span class="p">,</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">create_user_params</span> <span class="n">params</span><span class="p">.</span><span class="nf">require</span><span class="p">(</span><span class="ss">:user</span><span class="p">).</span><span class="nf">permit</span><span class="p">(</span><span class="ss">:email</span><span class="p">,</span> <span class="ss">:password</span><span class="p">,</span> <span class="ss">:password_confirmation</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">update_user_params</span> <span class="n">params</span><span class="p">.</span><span class="nf">require</span><span class="p">(</span><span class="ss">:user</span><span class="p">).</span><span class="nf">permit</span><span class="p">(</span><span class="ss">:current_password</span><span class="p">,</span> <span class="ss">:password</span><span class="p">,</span> <span class="ss">:password_confirmation</span><span class="p">,</span> <span class="ss">:unconfirmed_email</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We call <code>authenticate_user!</code> before editing, destroying, or updating a user since only an authenticated user should be able to do this.</li> <li>We update the <code>create</code> method to accept <code>create_user_params</code> (formerly <code>user_params</code>). This is because we're going to require different parameters for creating an account vs. editing an account.</li> <li>The <code>destroy</code> action simply deletes the user and logs them out. Note that we're calling <code>current_user</code>, so this action can only be scoped to the user who is logged in.</li> <li>The <code>edit</code> action simply assigns <code>@user</code> to the <code>current_user</code> so that we have access to the user in the edit form.</li> <li>The <code>update</code> action first checks if their password is correct. Note that we're passing this in as <code>current_password</code> and not <code>password</code>. This is because we still want a user to be able to change their password and therefore we need another parameter to store this value. This is also why we have a private <code>update_user_params</code> method. <ul> <li>If the user is updating their email address (via <code>unconfirmed_email</code>) we send a confirmation email to that new email address before setting it as the <code>email</code> value.</li> <li>We force a user to always put in their <code>current_password</code> as an extra security measure in case someone leaves their browser open on a public computer.</li> </ul> </li> </ul> </blockquote> <ol> <li>Update routes. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="o">...</span> <span class="n">put</span> <span class="s2">"account"</span><span class="p">,</span> <span class="ss">to: </span><span class="s2">"users#update"</span> <span class="n">get</span> <span class="s2">"account"</span><span class="p">,</span> <span class="ss">to: </span><span class="s2">"users#edit"</span> <span class="n">delete</span> <span class="s2">"account"</span><span class="p">,</span> <span class="ss">to: </span><span class="s2">"users#destroy"</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Create an edit form. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- app/views/users/edit.html.erb --&gt; &lt;%= form_with model: @user, url: account_path, method: :put do |form| %&gt; &lt;%= render partial: "shared/form_errors", locals: { object: form.object } %&gt; &lt;div&gt; &lt;%= form.label :email, "Current Email" %&gt; &lt;%= form.email_field :email, disabled: true %&gt; &lt;/div&gt; &lt;div&gt; &lt;%= form.label :unconfirmed_email, "New Email" %&gt; &lt;%= form.text_field :unconfirmed_email %&gt; &lt;/div&gt; &lt;div&gt; &lt;%= form.label :password, "Password (leave blank if you don't want to change it)" %&gt; &lt;%= form.password_field :password %&gt; &lt;/div&gt; &lt;div&gt; &lt;%= form.label :password_confirmation %&gt; &lt;%= form.password_field :password_confirmation %&gt; &lt;/div&gt; &lt;hr/&gt; &lt;div&gt; &lt;%= form.label :current_password, "Current password (we need your current password to confirm your changes)" %&gt; &lt;%= form.password_field :current_password, required: true %&gt; &lt;/div&gt; &lt;%= form.submit "Update Account" %&gt; &lt;% end %&gt; </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We <code>disable</code> the <code>email</code> field to ensure we're not passing that value back to the controller. This is just so the user can see what their current email is.</li> <li>We <code>require</code> the <code>current_password</code> field since we'll always want a user to confirm their password before making changes.</li> <li>The <code>password</code> and <code>password_confirmation</code> fields are there if a user wants to update their current password.</li> </ul> </blockquote> <h2> Step 13: Update Confirmations Controller </h2> <ol> <li>Update edit action. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/confirmations_controller.rb</span> <span class="k">class</span> <span class="nc">ConfirmationsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">edit</span> <span class="o">...</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">present?</span> <span class="o">&amp;&amp;</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">unconfirmed_or_reconfirming?</span> <span class="o">...</span> <span class="k">end</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We add <code>@user.unconfirmed_or_reconfirming?</code> to the conditional to ensure only unconfirmed users or users who are reconfirming can access this page. This is necessary since we're now allowing users to confirm new email addresses.</li> </ul> </blockquote> <h2> Step 14: Add Remember Token Column to Users Table </h2> <ol> <li>Create migration. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails g migration add_remember_token_to_users remember_token:string </code></pre> </div> <ol> <li>Update migration. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># db/migrate/[timestamp]_add_remember_token_to_users.rb</span> <span class="k">class</span> <span class="nc">AddRememberTokenToUsers</span> <span class="o">&lt;</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">Migration</span><span class="p">[</span><span class="mf">6.1</span><span class="p">]</span> <span class="k">def</span> <span class="nf">change</span> <span class="n">add_column</span> <span class="ss">:users</span><span class="p">,</span> <span class="ss">:remember_token</span><span class="p">,</span> <span class="ss">:string</span><span class="p">,</span> <span class="ss">null: </span><span class="kp">false</span> <span class="n">add_index</span> <span class="ss">:users</span><span class="p">,</span> <span class="ss">:remember_token</span><span class="p">,</span> <span class="ss">unique: </span><span class="kp">true</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We add <code>null: false</code> to ensure this column always has a value.</li> <li>We add a <a href="https://api.rubyonrails.org/classes/ActiveRecord/ConnectionAdapters/Table.html#method-i-index">unique index</a> to ensure this column has unique data.</li> </ul> </blockquote> <ol> <li>Run migrations. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails db:migrate </code></pre> </div> <ol> <li>Update the User model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/user.rb</span> <span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="o">...</span> <span class="n">has_secure_token</span> <span class="ss">:remember_token</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We call <a href="https://api.rubyonrails.org/classes/ActiveRecord/SecureToken/ClassMethods.html#method-i-has_secure_token">has_secure_token</a> on the <code>remember_token</code>. This ensures that the value for this column will be set when the record is created. This value will be used later to securely identify the user.</li> </ul> </blockquote> <h2> Step 15: Update Authentication Concern </h2> <ol> <li>Add new helper methods. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/concerns/authentication.rb</span> <span class="k">module</span> <span class="nn">Authentication</span> <span class="kp">extend</span> <span class="no">ActiveSupport</span><span class="o">::</span><span class="no">Concern</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">forget</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="n">cookies</span><span class="p">.</span><span class="nf">delete</span> <span class="ss">:remember_token</span> <span class="n">user</span><span class="p">.</span><span class="nf">regenerate_remember_token</span> <span class="k">end</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">remember</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="n">user</span><span class="p">.</span><span class="nf">regenerate_remember_token</span> <span class="n">cookies</span><span class="p">.</span><span class="nf">permanent</span><span class="p">.</span><span class="nf">encrypted</span><span class="p">[</span><span class="ss">:remember_token</span><span class="p">]</span> <span class="o">=</span> <span class="n">user</span><span class="p">.</span><span class="nf">remember_token</span> <span class="k">end</span> <span class="o">...</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">current_user</span> <span class="no">Current</span><span class="p">.</span><span class="nf">user</span> <span class="o">||=</span> <span class="k">if</span> <span class="n">session</span><span class="p">[</span><span class="ss">:current_user_id</span><span class="p">].</span><span class="nf">present?</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">id: </span><span class="n">session</span><span class="p">[</span><span class="ss">:current_user_id</span><span class="p">])</span> <span class="k">elsif</span> <span class="n">cookies</span><span class="p">.</span><span class="nf">permanent</span><span class="p">.</span><span class="nf">encrypted</span><span class="p">[</span><span class="ss">:remember_token</span><span class="p">].</span><span class="nf">present?</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">remember_token: </span><span class="n">cookies</span><span class="p">.</span><span class="nf">permanent</span><span class="p">.</span><span class="nf">encrypted</span><span class="p">[</span><span class="ss">:remember_token</span><span class="p">])</span> <span class="k">end</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>The <code>remember</code> method first regenerates a new <code>remember_token</code> to ensure these values are being rotated and can't be used more than once. We get the <code>regenerate_remember_token</code> method from <a href="https://api.rubyonrails.org/classes/ActiveRecord/SecureToken/ClassMethods.html#method-i-has_secure_token">has_secure_token</a>. Next, we assign this value to a <a href="https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html">cookie</a>. The call to <a href="https://api.rubyonrails.org/classes/ActionDispatch/Cookies/ChainedCookieJars.html#method-i-permanent">permanent</a> ensures the cookie won't expire until 20 years from now. The call to <a href="https://api.rubyonrails.org/classes/ActionDispatch/Cookies/ChainedCookieJars.html#method-i-encrypted">encrypted</a> ensures the value will be encrypted. This is vital since this value is used to identify the user and is being set in the browser.</li> <li>The <code>forget</code> method deletes the cookie and regenerates a new <code>remember_token</code> to ensure these values are being rotated and can't be used more than once.</li> <li>We update the <code>current_user</code> method by adding a conditional to first try and find the user by the session, and then fallback to finding the user by the cookie. This is the logic that allows a user to completely exit their browser and remain logged in when they return to the website since the cookie will still be set.</li> </ul> </blockquote> <h2> Step 16: Update Sessions Controller </h2> <ol> <li>Update the <code>create</code> and <code>destroy</code> methods. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/sessions_controller.rb</span> <span class="k">class</span> <span class="nc">SessionsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="o">...</span> <span class="n">before_action</span> <span class="ss">:authenticate_user!</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:destroy</span><span class="p">]</span> <span class="k">def</span> <span class="nf">create</span> <span class="o">...</span> <span class="k">if</span> <span class="vi">@user</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">unconfirmed?</span> <span class="o">...</span> <span class="k">elsif</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">authenticate</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:user</span><span class="p">][</span><span class="ss">:password</span><span class="p">])</span> <span class="n">login</span> <span class="vi">@user</span> <span class="n">remember</span><span class="p">(</span><span class="vi">@user</span><span class="p">)</span> <span class="k">if</span> <span class="n">params</span><span class="p">[</span><span class="ss">:user</span><span class="p">][</span><span class="ss">:remember_me</span><span class="p">]</span> <span class="o">==</span> <span class="s2">"1"</span> <span class="o">...</span> <span class="k">else</span> <span class="o">...</span> <span class="k">end</span> <span class="k">else</span> <span class="o">...</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy</span> <span class="n">forget</span><span class="p">(</span><span class="n">current_user</span><span class="p">)</span> <span class="o">...</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We conditionally call <code>remember(@user)</code> in the <code>create</code> method if the user has checked the "Remember me" checkbox. We still need to add this to our form.</li> <li>We call <code>forget(current_user)</code> in the <code>destroy</code> method to ensure we delete the <code>remember_me</code> cookie and regenerate the user's <code>remember_token</code> token.</li> <li>We also add a <code>before_action</code> to ensure only authenticated users can access the <code>destroy</code> action.</li> </ul> </blockquote> <ol> <li>Add the "Remember me" checkbox to the login form. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- app/views/sessions/new.html.erb --&gt; &lt;%= form_with url: login_path, scope: :user do |form| %&gt; ... &lt;div&gt; &lt;%= form.label :remember_me %&gt; &lt;%= form.check_box :remember_me %&gt; &lt;/div&gt; &lt;%= form.submit "Sign In" %&gt; &lt;% end %&gt; </code></pre> </div> <h2> Step 17: Add Friendly Redirects </h2> <ol> <li>Update Authentication Concern. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/concerns/authentication.rb</span> <span class="k">module</span> <span class="nn">Authentication</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">authenticate_user!</span> <span class="n">store_location</span> <span class="o">...</span> <span class="k">end</span> <span class="o">...</span> <span class="kp">private</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">store_location</span> <span class="n">session</span><span class="p">[</span><span class="ss">:user_return_to</span><span class="p">]</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="nf">original_url</span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="nf">get?</span> <span class="o">&amp;&amp;</span> <span class="n">request</span><span class="p">.</span><span class="nf">local?</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>The <code>store_location</code> method stores the <a href="https://api.rubyonrails.org/classes/ActionDispatch/Request.html#method-i-original_url">request.original_url</a> in the <a href="https://guides.rubyonrails.org/action_controller_overview.html#session">session</a> so it can be retrieved later. We only do this if the request made was a <code>get</code> request. We also call <code>request.local?</code> to ensure it was a local request. This prevents redirecting to an external application.</li> <li>We call <code>store_location</code> in the <code>authenticate_user!</code> method so that we can save the path to the page the user was trying to visit before they were redirected to the login page. We need to do this before visiting the login page otherwise the call to <code>request.original_url</code> will always return the url to the login page.</li> </ul> </blockquote> <ol> <li>Update Sessions Controller. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/sessions_controller.rb</span> <span class="k">class</span> <span class="nc">SessionsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">create</span> <span class="o">...</span> <span class="k">if</span> <span class="vi">@user</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">unconfirmed?</span> <span class="o">...</span> <span class="k">elsif</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">authenticate</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:user</span><span class="p">][</span><span class="ss">:password</span><span class="p">])</span> <span class="n">after_login_path</span> <span class="o">=</span> <span class="n">session</span><span class="p">[</span><span class="ss">:user_return_to</span><span class="p">]</span> <span class="o">||</span> <span class="n">root_path</span> <span class="n">login</span> <span class="vi">@user</span> <span class="n">remember</span><span class="p">(</span><span class="vi">@user</span><span class="p">)</span> <span class="k">if</span> <span class="n">params</span><span class="p">[</span><span class="ss">:user</span><span class="p">][</span><span class="ss">:remember_me</span><span class="p">]</span> <span class="o">==</span> <span class="s2">"1"</span> <span class="n">redirect_to</span> <span class="n">after_login_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Signed in."</span> <span class="k">else</span> <span class="o">...</span> <span class="k">end</span> <span class="k">else</span> <span class="o">...</span> <span class="k">end</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>The <code>after_login_path</code> variable it set to be whatever is in the <code>session[:user_return_to]</code>. If there's nothing in <code>session[:user_return_to]</code> then it defaults to the <code>root_path</code>.</li> <li>Note that we call this method before calling <code>login</code>. This is because <code>login</code> calls <code>reset_session</code> which would deleted the <code>session[:user_return_to]</code>.</li> </ul> </blockquote> <h2> Step 17: Account for Timing Attacks </h2> <ol> <li>Update the User model.</li> </ol> <p><strong><a href="https://edgeapi.rubyonrails.org/classes/ActiveRecord/SecurePassword/ClassMethods.html#method-i-authenticate_by">Note that this class method will be available in Rails 7.1</a></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/user.rb</span> <span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="o">...</span> <span class="k">def</span> <span class="nc">self</span><span class="o">.</span><span class="nf">authenticate_by</span><span class="p">(</span><span class="n">attributes</span><span class="p">)</span> <span class="n">passwords</span><span class="p">,</span> <span class="n">identifiers</span> <span class="o">=</span> <span class="n">attributes</span><span class="p">.</span><span class="nf">to_h</span><span class="p">.</span><span class="nf">partition</span> <span class="k">do</span> <span class="o">|</span><span class="nb">name</span><span class="p">,</span> <span class="n">value</span><span class="o">|</span> <span class="o">!</span><span class="n">has_attribute?</span><span class="p">(</span><span class="nb">name</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="n">has_attribute?</span><span class="p">(</span><span class="s2">"</span><span class="si">#{</span><span class="nb">name</span><span class="si">}</span><span class="s2">_digest"</span><span class="p">)</span> <span class="k">end</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="o">&amp;</span><span class="ss">:to_h</span><span class="p">)</span> <span class="k">raise</span> <span class="no">ArgumentError</span><span class="p">,</span> <span class="s2">"One or more password arguments are required"</span> <span class="k">if</span> <span class="n">passwords</span><span class="p">.</span><span class="nf">empty?</span> <span class="k">raise</span> <span class="no">ArgumentError</span><span class="p">,</span> <span class="s2">"One or more finder arguments are required"</span> <span class="k">if</span> <span class="n">identifiers</span><span class="p">.</span><span class="nf">empty?</span> <span class="k">if</span> <span class="p">(</span><span class="n">record</span> <span class="o">=</span> <span class="n">find_by</span><span class="p">(</span><span class="n">identifiers</span><span class="p">))</span> <span class="n">record</span> <span class="k">if</span> <span class="n">passwords</span><span class="p">.</span><span class="nf">count</span> <span class="p">{</span> <span class="o">|</span><span class="nb">name</span><span class="p">,</span> <span class="n">value</span><span class="o">|</span> <span class="n">record</span><span class="p">.</span><span class="nf">public_send</span><span class="p">(</span><span class="ss">:"authenticate_</span><span class="si">#{</span><span class="nb">name</span><span class="si">}</span><span class="ss">"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="p">}</span> <span class="o">==</span> <span class="n">passwords</span><span class="p">.</span><span class="nf">size</span> <span class="k">else</span> <span class="n">new</span><span class="p">(</span><span class="n">passwords</span><span class="p">)</span> <span class="kp">nil</span> <span class="k">end</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>This class method serves to find a user using the non-password attributes (such as email), and then authenticates that record using the password attributes. Regardless of whether a user is found or authentication succeeds, <code>authenticate_by</code> will take the same amount of time. This prevents <a href="https://en.wikipedia.org/wiki/Timing_attack">timing-based enumeration attacks</a>, wherein an attacker can determine if a password record exists even without knowing the password.</li> </ul> </blockquote> <ol> <li>Update the Sessions Controller. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/sessions_controller.rb</span> <span class="k">class</span> <span class="nc">SessionsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">create</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">authenticate_by</span><span class="p">(</span><span class="ss">email: </span><span class="n">params</span><span class="p">[</span><span class="ss">:user</span><span class="p">][</span><span class="ss">:email</span><span class="p">].</span><span class="nf">downcase</span><span class="p">,</span> <span class="ss">password: </span><span class="n">params</span><span class="p">[</span><span class="ss">:user</span><span class="p">][</span><span class="ss">:password</span><span class="p">])</span> <span class="k">if</span> <span class="vi">@user</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">unconfirmed?</span> <span class="n">redirect_to</span> <span class="n">new_confirmation_path</span><span class="p">,</span> <span class="ss">alert: </span><span class="s2">"Incorrect email or password."</span> <span class="k">else</span> <span class="n">after_login_path</span> <span class="o">=</span> <span class="n">session</span><span class="p">[</span><span class="ss">:user_return_to</span><span class="p">]</span> <span class="o">||</span> <span class="n">root_path</span> <span class="n">login</span> <span class="vi">@user</span> <span class="n">remember</span><span class="p">(</span><span class="vi">@user</span><span class="p">)</span> <span class="k">if</span> <span class="n">params</span><span class="p">[</span><span class="ss">:user</span><span class="p">][</span><span class="ss">:remember_me</span><span class="p">]</span> <span class="o">==</span> <span class="s2">"1"</span> <span class="n">redirect_to</span> <span class="n">after_login_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Signed in."</span> <span class="k">end</span> <span class="k">else</span> <span class="n">flash</span><span class="p">.</span><span class="nf">now</span><span class="p">[</span><span class="ss">:alert</span><span class="p">]</span> <span class="o">=</span> <span class="s2">"Incorrect email or password."</span> <span class="n">render</span> <span class="ss">:new</span><span class="p">,</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We refactor the <code>create</code> method to always start by finding and authenticating the user. Not only does this prevent timing attacks, but it also prevents accidentally leaking email addresses. This is because we were originally checking if a user was confirmed before authenticating them. That means a bad actor could try and sign in with an email address to see if it exists on the system without needing to know the password.</li> </ul> </blockquote> <h2> Step 18: Store Session in the Database </h2> <p>We're currently setting the user's ID in the session. Even though that value is encrypted, the encrypted value doesn't change since it's based on the user id which doesn't change. This means that if a bad actor were to get a copy of the session they would have access to a victim's account in perpetuity. One solution is to <a href="https://guides.rubyonrails.org/security.html#rotating-encrypted-and-signed-cookies-configurations">rotate encrypted and signed cookie configurations</a>. Another option is to configure the <a href="https://guides.rubyonrails.org/configuring.html#config-session-store">Rails session store</a> to use <code>mem_cache_store</code> to store session data. </p> <p>The solution we will implement is to set a rotating value to identify the user and store that value in the database.</p> <ol> <li>Generate ActiveSession model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails g model active_session user:references </code></pre> </div> <ol> <li>Update the migration. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">CreateActiveSessions</span> <span class="o">&lt;</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">Migration</span><span class="p">[</span><span class="mf">6.1</span><span class="p">]</span> <span class="k">def</span> <span class="nf">change</span> <span class="n">create_table</span> <span class="ss">:active_sessions</span> <span class="k">do</span> <span class="o">|</span><span class="n">t</span><span class="o">|</span> <span class="n">t</span><span class="p">.</span><span class="nf">references</span> <span class="ss">:user</span><span class="p">,</span> <span class="ss">null: </span><span class="kp">false</span><span class="p">,</span> <span class="ss">foreign_key: </span><span class="p">{</span><span class="ss">on_delete: :cascade</span><span class="p">}</span> <span class="n">t</span><span class="p">.</span><span class="nf">timestamps</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We update the <code>foreign_key</code> option from <code>true</code> to <code>{on_delete: :cascade}</code>. The <a href="https://api.rubyonrails.org/classes/ActiveRecord/ConnectionAdapters/SchemaStatements.html#method-i-add_foreign_key-label-Creating+a+cascading+foreign+key">on_delete</a> option will delete any <code>active_session</code> record if its associated <code>user</code> is deleted from the database.</li> </ul> </blockquote> <ol> <li>Run migration. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails db:migrate </code></pre> </div> <ol> <li>Update User model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/user.rb</span> <span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="o">...</span> <span class="n">has_many</span> <span class="ss">:active_sessions</span><span class="p">,</span> <span class="ss">dependent: :destroy</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Update Authentication Concern </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/concerns/authentication.rb</span> <span class="k">module</span> <span class="nn">Authentication</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">login</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="n">reset_session</span> <span class="n">active_session</span> <span class="o">=</span> <span class="n">user</span><span class="p">.</span><span class="nf">active_sessions</span><span class="p">.</span><span class="nf">create!</span> <span class="n">session</span><span class="p">[</span><span class="ss">:current_active_session_id</span><span class="p">]</span> <span class="o">=</span> <span class="n">active_session</span><span class="p">.</span><span class="nf">id</span> <span class="k">end</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">logout</span> <span class="n">active_session</span> <span class="o">=</span> <span class="no">ActiveSession</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">id: </span><span class="n">session</span><span class="p">[</span><span class="ss">:current_active_session_id</span><span class="p">])</span> <span class="n">reset_session</span> <span class="n">active_session</span><span class="p">.</span><span class="nf">destroy!</span> <span class="k">if</span> <span class="n">active_session</span><span class="p">.</span><span class="nf">present?</span> <span class="k">end</span> <span class="o">...</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">current_user</span> <span class="no">Current</span><span class="p">.</span><span class="nf">user</span> <span class="o">=</span> <span class="k">if</span> <span class="n">session</span><span class="p">[</span><span class="ss">:current_active_session_id</span><span class="p">].</span><span class="nf">present?</span> <span class="no">ActiveSession</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">id: </span><span class="n">session</span><span class="p">[</span><span class="ss">:current_active_session_id</span><span class="p">]).</span><span class="nf">user</span> <span class="k">elsif</span> <span class="n">cookies</span><span class="p">.</span><span class="nf">permanent</span><span class="p">.</span><span class="nf">encrypted</span><span class="p">[</span><span class="ss">:remember_token</span><span class="p">].</span><span class="nf">present?</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">remember_token: </span><span class="n">cookies</span><span class="p">.</span><span class="nf">permanent</span><span class="p">.</span><span class="nf">encrypted</span><span class="p">[</span><span class="ss">:remember_token</span><span class="p">])</span> <span class="k">end</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We update the <code>login</code> method by creating a new <code>active_session</code> record and then storing it's ID in the <code>session</code>. Note that we replaced <code>session[:current_user_id]</code> with <code>session[:current_active_session_id]</code>.</li> <li>We update the <code>logout</code> method by first finding the <code>active_session</code> record from the <code>session</code>. After we call <code>reset_session</code> we then delete the <code>active_session</code> record if it exists. We need to check if it exists because in a future section we will allow a user to log out all current active sessions.</li> <li>We update the <code>current_user</code> method by finding the <code>active_session</code> record from the <code>session</code>, and then returning its associated <code>user</code>. Note that we've replaced all instances of <code>session[:current_user_id]</code> with <code>session[:current_active_session_id]</code>.</li> </ul> </blockquote> <ol> <li>Force SSL. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/environments/production.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">configure</span> <span class="k">do</span> <span class="o">...</span> <span class="n">config</span><span class="p">.</span><span class="nf">force_ssl</span> <span class="o">=</span> <span class="kp">true</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We force SSL in production to prevent <a href="https://guides.rubyonrails.org/security.html#session-hijacking">session hijacking</a>. Even though the session is encrypted we want to prevent the cookie from being exposed through an insecure network. If it were exposed, a bad actor could sign in as the victim.</li> </ul> </blockquote> <h2> Step 19: Capture Request Details for Each New Session </h2> <ol> <li>Add new columns to the active_sessions table. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails g migration add_request_columns_to_active_sessions user_agent:string ip_address:string rails db:migrate </code></pre> </div> <ol> <li>Update login method to capture request details. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/concerns/authentication.rb</span> <span class="k">module</span> <span class="nn">Authentication</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">login</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="n">reset_session</span> <span class="n">active_session</span> <span class="o">=</span> <span class="n">user</span><span class="p">.</span><span class="nf">active_sessions</span><span class="p">.</span><span class="nf">create!</span><span class="p">(</span><span class="ss">user_agent: </span><span class="n">request</span><span class="p">.</span><span class="nf">user_agent</span><span class="p">,</span> <span class="ss">ip_address: </span><span class="n">request</span><span class="p">.</span><span class="nf">ip</span><span class="p">)</span> <span class="n">session</span><span class="p">[</span><span class="ss">:current_active_session_id</span><span class="p">]</span> <span class="o">=</span> <span class="n">active_session</span><span class="p">.</span><span class="nf">id</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We add columns to the <code>active_sessions</code> table to store data about when and where these sessions are being created. We are able to do this by tapping into the <a href="https://api.rubyonrails.org/classes/ActionDispatch/Request.html">request object</a> and returning the <a href="https://api.rubyonrails.org/classes/ActionDispatch/Request.html#method-i-ip">ip</a> and user agent. The user agent is simply the browser and device.</li> </ul> </blockquote> <ol> <li>Update Users Controller. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/users_controller.rb</span> <span class="k">class</span> <span class="nc">UsersController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">edit</span> <span class="vi">@user</span> <span class="o">=</span> <span class="n">current_user</span> <span class="vi">@active_sessions</span> <span class="o">=</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">active_sessions</span><span class="p">.</span><span class="nf">order</span><span class="p">(</span><span class="ss">created_at: :desc</span><span class="p">)</span> <span class="k">end</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">update</span> <span class="vi">@user</span> <span class="o">=</span> <span class="n">current_user</span> <span class="vi">@active_sessions</span> <span class="o">=</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">active_sessions</span><span class="p">.</span><span class="nf">order</span><span class="p">(</span><span class="ss">created_at: :desc</span><span class="p">)</span> <span class="o">...</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Create active session partial. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- app/views/active_sessions/_active_session.html.erb --&gt; &lt;tr&gt; &lt;td&gt;&lt;%= active_session.user_agent %&gt;&lt;/td&gt; &lt;td&gt;&lt;%= active_session.ip_address %&gt;&lt;/td&gt; &lt;td&gt;&lt;%= active_session.created_at %&gt;&lt;/td&gt; &lt;/tr&gt; </code></pre> </div> <ol> <li>Update account page. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- app/views/users/edit.html.erb --&gt; ... &lt;h2&gt;Current Logins&lt;/h2&gt; &lt;% if @active_sessions.any? %&gt; &lt;table&gt; &lt;thead&gt; &lt;tr&gt; &lt;th&gt;User Agent&lt;/th&gt; &lt;th&gt;IP Address&lt;/th&gt; &lt;th&gt;Signed In At&lt;/th&gt; &lt;/tr&gt; &lt;/thead&gt; &lt;tbody&gt; &lt;%= render @active_sessions %&gt; &lt;/tbody&gt; &lt;/table&gt; &lt;% end %&gt; </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We're simply showing any <code>active_session</code> associated with the <code>current_user</code>. By rendering the <code>user_agent</code>, <code>ip_address</code>, and <code>created_at</code> values we're giving the <code>current_user</code> all the information they need to know if there's any suspicious activity happening with their account. For example, if there's an <code>active_session</code> with a unfamiliar IP address or browser, this could indicate that the user's account has been compromised.</li> <li>Note that we also instantiate <code>@active_sessions</code> in the <code>update</code> method. This is because the <code>update</code> method renders the <code>edit</code> method during failure cases.</li> </ul> </blockquote> <h2> Step 20: Allow User to Sign Out Specific Active Sessions </h2> <ol> <li>Generate the Active Sessions Controller and update routes. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g controller active_sessions </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/active_sessions_controller.rb</span> <span class="k">class</span> <span class="nc">ActiveSessionsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">before_action</span> <span class="ss">:authenticate_user!</span> <span class="k">def</span> <span class="nf">destroy</span> <span class="vi">@active_session</span> <span class="o">=</span> <span class="n">current_user</span><span class="p">.</span><span class="nf">active_sessions</span><span class="p">.</span><span class="nf">find</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:id</span><span class="p">])</span> <span class="vi">@active_session</span><span class="p">.</span><span class="nf">destroy</span> <span class="k">if</span> <span class="n">current_user</span> <span class="n">redirect_to</span> <span class="n">account_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Session deleted."</span> <span class="k">else</span> <span class="n">reset_session</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Signed out."</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy_all</span> <span class="n">current_user</span><span class="p">.</span><span class="nf">active_sessions</span><span class="p">.</span><span class="nf">destroy_all</span> <span class="n">reset_session</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Signed out."</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="o">...</span> <span class="n">resources</span> <span class="ss">:active_sessions</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:destroy</span><span class="p">]</span> <span class="k">do</span> <span class="n">collection</span> <span class="k">do</span> <span class="n">delete</span> <span class="s2">"destroy_all"</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We ensure only users who are logged in can access these endpoints by calling <code>before_action :authenticate_user!</code>.</li> <li>The <code>destroy</code> method simply looks for an <code>active_session</code> associated with the <code>current_user</code>. This ensures that a user can only delete sessions associated with their account. <ul> <li>Once we destroy the <code>active_session</code> we then redirect back to the account page or to the homepage. This is because a user may not be deleting a session for the device or browser they're currently logged into. Note that we only call <a href="https://api.rubyonrails.org/classes/ActionDispatch/Request.html#method-i-reset_session">reset_session</a> if the user has deleted a session for the device or browser they're currently logged into, as this is the same as logging out.</li> </ul> </li> <li>The <code>destroy_all</code> method is a <a href="https://guides.rubyonrails.org/routing.html#adding-collection-routes">collection route</a> that will destroy all <code>active_session</code> records associated with the <code>current_user</code>. Note that we call <code>reset_session</code> because we will be logging out the <code>current_user</code> during this request.</li> </ul> </blockquote> <ol> <li>Update views by adding buttons to destroy sessions. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- app/views/users/edit.html.erb --&gt; ... &lt;h2&gt;Current Logins&lt;/h2&gt; &lt;% if @active_sessions.any? %&gt; &lt;%= button_to "Log out of all other sessions", destroy_all_active_sessions_path, method: :delete %&gt; &lt;table&gt; &lt;thead&gt; &lt;tr&gt; &lt;th&gt;User Agent&lt;/th&gt; &lt;th&gt;IP Address&lt;/th&gt; &lt;th&gt;Signed In At&lt;/th&gt; &lt;th&gt;Sign Out&lt;/th&gt; &lt;/tr&gt; &lt;/thead&gt; &lt;tbody&gt; &lt;%= render @active_sessions %&gt; &lt;/tbody&gt; &lt;/table&gt; &lt;% end %&gt; </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- app/views/active_sessions/_active_session.html.erb --&gt; &lt;tr&gt; &lt;td&gt;&lt;%= active_session.user_agent %&gt;&lt;/td&gt; &lt;td&gt;&lt;%= active_session.ip_address %&gt;&lt;/td&gt; &lt;td&gt;&lt;%= active_session.created_at %&gt;&lt;/td&gt; &lt;td&gt;&lt;%= button_to "Sign Out", active_session_path(active_session), method: :delete %&gt;&lt;/td&gt; &lt;/tr&gt; </code></pre> </div> <ol> <li>Update Authentication Concern. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/concerns/authentication.rb</span> <span class="k">module</span> <span class="nn">Authentication</span> <span class="o">...</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">current_user</span> <span class="no">Current</span><span class="p">.</span><span class="nf">user</span> <span class="o">=</span> <span class="k">if</span> <span class="n">session</span><span class="p">[</span><span class="ss">:current_active_session_id</span><span class="p">].</span><span class="nf">present?</span> <span class="no">ActiveSession</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">id: </span><span class="n">session</span><span class="p">[</span><span class="ss">:current_active_session_id</span><span class="p">])</span><span class="o">&amp;</span><span class="p">.</span><span class="nf">user</span> <span class="k">elsif</span> <span class="n">cookies</span><span class="p">.</span><span class="nf">permanent</span><span class="p">.</span><span class="nf">encrypted</span><span class="p">[</span><span class="ss">:remember_token</span><span class="p">].</span><span class="nf">present?</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">remember_token: </span><span class="n">cookies</span><span class="p">.</span><span class="nf">permanent</span><span class="p">.</span><span class="nf">encrypted</span><span class="p">[</span><span class="ss">:remember_token</span><span class="p">])</span> <span class="k">end</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>This is a very subtle change, but we've added a <a href="https://ruby-doc.org/core-2.6/doc/syntax/calling_methods_rdoc.html#label-Safe+navigation+operator">safe navigation operator</a> via the <code>&amp;.user</code> call. This is because <code>ActiveSession.find_by(id: session[:current_active_session_id])</code> can now return <code>nil</code> since we're able to delete other <code>active_session</code> records.</li> </ul> </blockquote> <h2> Step 21: Refactor Remember Logic </h2> <p>Since we're now associating our sessions with an <code>active_session</code> and not a <code>user</code>, we'll want to remove the <code>remember_token</code> token from the <code>users</code> table and onto the <code>active_sessions</code>.</p> <ol> <li>Move remember_token column from users to active_sessions table. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails g migration move_remember_token_from_users_to_active_sessions </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># db/migrate/[timestamp]_move_remember_token_from_users_to_active_sessions.rb</span> <span class="k">class</span> <span class="nc">MoveRememberTokenFromUsersToActiveSessions</span> <span class="o">&lt;</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">Migration</span><span class="p">[</span><span class="mf">6.1</span><span class="p">]</span> <span class="k">def</span> <span class="nf">change</span> <span class="n">remove_column</span> <span class="ss">:users</span><span class="p">,</span> <span class="ss">:remember_token</span> <span class="n">add_column</span> <span class="ss">:active_sessions</span><span class="p">,</span> <span class="ss">:remember_token</span><span class="p">,</span> <span class="ss">:string</span><span class="p">,</span> <span class="ss">null: </span><span class="kp">false</span> <span class="n">add_index</span> <span class="ss">:active_sessions</span><span class="p">,</span> <span class="ss">:remember_token</span><span class="p">,</span> <span class="ss">unique: </span><span class="kp">true</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Run migration. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails db:migrate </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We add <code>null: false</code> to ensure this column always has a value.</li> <li>We add a <a href="https://api.rubyonrails.org/classes/ActiveRecord/ConnectionAdapters/Table.html#method-i-index">unique index</a> to ensure this column has unique data.</li> </ul> </blockquote> <ol> <li>Update User Model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight diff"><code> class User &lt; ApplicationRecord ... <span class="gd">- has_secure_token :remember_token </span> ... end </code></pre> </div> <ol> <li>Update Active Session Model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/active_session.rb</span> <span class="k">class</span> <span class="nc">ActiveSession</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="o">...</span> <span class="n">has_secure_token</span> <span class="ss">:remember_token</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We call <a href="https://api.rubyonrails.org/classes/ActiveRecord/SecureToken/ClassMethods.html#method-i-has_secure_token">has_secure_token</a> on the <code>remember_token</code>. This ensures that the value for this column will be set when the record is created. This value will be used later to securely identify the user.</li> <li>Note that we remove this from the <code>user</code> model.</li> </ul> </blockquote> <ol> <li>Refactor the Authentication Concern. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/concerns/authentication.rb</span> <span class="k">module</span> <span class="nn">Authentication</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">login</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="n">reset_session</span> <span class="n">active_session</span> <span class="o">=</span> <span class="n">user</span><span class="p">.</span><span class="nf">active_sessions</span><span class="p">.</span><span class="nf">create!</span><span class="p">(</span><span class="ss">user_agent: </span><span class="n">request</span><span class="p">.</span><span class="nf">user_agent</span><span class="p">,</span> <span class="ss">ip_address: </span><span class="n">request</span><span class="p">.</span><span class="nf">ip</span><span class="p">)</span> <span class="n">session</span><span class="p">[</span><span class="ss">:current_active_session_id</span><span class="p">]</span> <span class="o">=</span> <span class="n">active_session</span><span class="p">.</span><span class="nf">id</span> <span class="n">active_session</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">forget_active_session</span> <span class="n">cookies</span><span class="p">.</span><span class="nf">delete</span> <span class="ss">:remember_token</span> <span class="k">end</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">remember</span><span class="p">(</span><span class="n">active_session</span><span class="p">)</span> <span class="n">cookies</span><span class="p">.</span><span class="nf">permanent</span><span class="p">.</span><span class="nf">encrypted</span><span class="p">[</span><span class="ss">:remember_token</span><span class="p">]</span> <span class="o">=</span> <span class="n">active_session</span><span class="p">.</span><span class="nf">remember_token</span> <span class="k">end</span> <span class="o">...</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">current_user</span> <span class="no">Current</span><span class="p">.</span><span class="nf">user</span> <span class="o">=</span> <span class="k">if</span> <span class="n">session</span><span class="p">[</span><span class="ss">:current_active_session_id</span><span class="p">].</span><span class="nf">present?</span> <span class="no">ActiveSession</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">id: </span><span class="n">session</span><span class="p">[</span><span class="ss">:current_active_session_id</span><span class="p">])</span><span class="o">&amp;</span><span class="p">.</span><span class="nf">user</span> <span class="k">elsif</span> <span class="n">cookies</span><span class="p">.</span><span class="nf">permanent</span><span class="p">.</span><span class="nf">encrypted</span><span class="p">[</span><span class="ss">:remember_token</span><span class="p">].</span><span class="nf">present?</span> <span class="no">ActiveSession</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">remember_token: </span><span class="n">cookies</span><span class="p">.</span><span class="nf">permanent</span><span class="p">.</span><span class="nf">encrypted</span><span class="p">[</span><span class="ss">:remember_token</span><span class="p">])</span><span class="o">&amp;</span><span class="p">.</span><span class="nf">user</span> <span class="k">end</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>The <code>login</code> method now returns the <code>active_session</code>. This will be used later when calling <code>SessionsController#create</code>.</li> <li>The <code>forget</code> method has been renamed to <code>forget_active_session</code> and no longer takes any arguments. This method simply deletes the <code>cookie</code>. We don't need to call <code>active_session.regenerate_remember_token</code> since the <code>active_session</code> will be deleted, and therefor cannot be referenced again.</li> <li>The <code>remember</code> method now accepts an <code>active_session</code> and not a <code>user</code>. We do not need to call <code>active_session.regenerate_remember_token</code> since a new <code>active_session</code> record will be created each time a user logs in. Note that we now save <code>active_session.remember_token</code> to the cookie.</li> <li>The <code>current_user</code> method now finds the <code>active_session</code> record if the <code>remember_token</code> is present and returns the user via the <a href="https://ruby-doc.org/core-2.6/doc/syntax/calling_methods_rdoc.html#label-Safe+navigation+operator">safe navigation operator</a>.</li> </ul> </blockquote> <ol> <li>Refactor the Sessions Controller. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/sessions_controller.rb</span> <span class="k">class</span> <span class="nc">SessionsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">create</span> <span class="o">...</span> <span class="k">if</span> <span class="vi">@user</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">unconfirmed?</span> <span class="o">...</span> <span class="k">else</span> <span class="o">...</span> <span class="n">active_session</span> <span class="o">=</span> <span class="n">login</span> <span class="vi">@user</span> <span class="n">remember</span><span class="p">(</span><span class="n">active_session</span><span class="p">)</span> <span class="k">if</span> <span class="n">params</span><span class="p">[</span><span class="ss">:user</span><span class="p">][</span><span class="ss">:remember_me</span><span class="p">]</span> <span class="o">==</span> <span class="s2">"1"</span> <span class="k">end</span> <span class="k">else</span> <span class="o">...</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy</span> <span class="n">forget_active_session</span> <span class="o">...</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>Since the <code>login</code> method now returns an <code>active_session</code>, we can take that value and pass it to <code>remember</code>.</li> <li>We replace <code>forget(current_user)</code> with <code>forget_active_session</code> to reflect changes to the method name and structure.</li> </ul> </blockquote> <ol> <li>Refactor Active Sessions Controller </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/active_sessions_controller.rb</span> <span class="k">class</span> <span class="nc">ActiveSessionsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">destroy</span> <span class="o">...</span> <span class="k">if</span> <span class="n">current_user</span> <span class="o">...</span> <span class="k">else</span> <span class="n">forget_active_session</span> <span class="o">...</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy_all</span> <span class="n">forget_active_session</span> <span class="n">current_user</span><span class="p">.</span><span class="nf">active_sessions</span><span class="p">.</span><span class="nf">destroy_all</span> <span class="o">...</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> rails tutorial Rails Remote Elements Tutorial Steve Polito Tue, 09 Nov 2021 15:26:21 +0000 https://dev.to/stevepolitodesign/rails-remote-elements-tutorial-2kpb https://dev.to/stevepolitodesign/rails-remote-elements-tutorial-2kpb <p>Do you need to create real-time features in your Rails app, but either can't use Turbo or don't want to use a front end framework like React? Fortunately older versions of Rails actually provide this functionality of the box. In this tutorial I'll show you how to create a single page app in Rails from scratch using remote elements and Stimulus.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fraw.githubusercontent.com%2Fstevepolitodesign%2Frails-remote-elements-tutorial%2Fmain%2Fpublic%2Fdemo.gif" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fraw.githubusercontent.com%2Fstevepolitodesign%2Frails-remote-elements-tutorial%2Fmain%2Fpublic%2Fdemo.gif" alt="Demo"></a></p> <h2> Formula </h2> <h3> Stimulus Controller </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Controller</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@hotwired/stimulus</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">class</span> <span class="nc">extends</span> <span class="nx">Controller</span> <span class="p">{</span> <span class="kd">static</span> <span class="nx">targets</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">error</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">form</span><span class="dl">"</span><span class="p">];</span> <span class="kd">static</span> <span class="nx">values</span> <span class="o">=</span> <span class="p">{</span> <span class="na">target</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">action</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">default</span><span class="p">:</span> <span class="dl">"</span><span class="s2">replace</span><span class="dl">"</span> <span class="p">},</span> <span class="p">};</span> <span class="nf">connect</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">target</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">hasTargetValue</span> <span class="o">&amp;&amp;</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">targetValue</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">action</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">hasActionValue</span> <span class="o">&amp;&amp;</span> <span class="k">this</span><span class="p">.</span><span class="nx">actionValue</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">actions</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">afterbegin</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">afterend</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">beforebegin</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">beforeend</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">remove</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">replace</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">update</span><span class="dl">"</span><span class="p">,</span> <span class="p">];</span> <span class="k">this</span><span class="p">.</span><span class="nx">element</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">ajax:error</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">this</span><span class="p">.</span><span class="nf">handleError</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">element</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">ajax:success</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">this</span><span class="p">.</span><span class="nf">handleSuccess</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">);</span> <span class="p">}</span> <span class="nf">actionIsPermitted</span><span class="p">(</span><span class="nx">action</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">actions</span><span class="p">.</span><span class="nf">indexOf</span><span class="p">(</span><span class="nx">action</span><span class="p">)</span> <span class="o">==</span> <span class="o">-</span><span class="mi">1</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="s2">`data-request-action-value="</span><span class="p">${</span><span class="nx">action</span><span class="p">}</span><span class="s2">" is not one of </span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">actions</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span> <span class="dl">"</span><span class="s2">, </span><span class="dl">"</span> <span class="p">)}</span><span class="s2">`</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">clearForm</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">hasFormTarget</span> <span class="o">&amp;&amp;</span> <span class="k">this</span><span class="p">.</span><span class="nx">formTarget</span><span class="p">.</span><span class="nf">reset</span><span class="p">();</span> <span class="p">}</span> <span class="nf">clearErrors</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">hasErrorTarget</span> <span class="o">&amp;&amp;</span> <span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">errorTarget</span><span class="p">.</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="dl">""</span><span class="p">);</span> <span class="p">}</span> <span class="nf">handleError</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">response</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">detail</span><span class="p">[</span><span class="mi">2</span><span class="p">];</span> <span class="k">this</span><span class="p">.</span><span class="nx">errorTarget</span><span class="p">.</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="nx">response</span><span class="p">;</span> <span class="p">}</span> <span class="nf">handleSuccess</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">response</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">detail</span><span class="p">[</span><span class="mi">2</span><span class="p">];</span> <span class="k">this</span><span class="p">.</span><span class="nf">clearErrors</span><span class="p">();</span> <span class="k">this</span><span class="p">.</span><span class="nf">clearForm</span><span class="p">();</span> <span class="k">this</span><span class="p">.</span><span class="nf">actionIsPermitted</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">action</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="k">this</span><span class="p">.</span><span class="nf">updateTarget</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">action</span><span class="p">,</span> <span class="nx">response</span><span class="p">);</span> <span class="p">}</span> <span class="nf">updateTarget</span><span class="p">(</span><span class="nx">action</span><span class="p">,</span> <span class="nx">response</span><span class="p">)</span> <span class="p">{</span> <span class="k">switch </span><span class="p">(</span><span class="nx">action</span><span class="p">)</span> <span class="p">{</span> <span class="k">case</span> <span class="dl">"</span><span class="s2">remove</span><span class="dl">"</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">target</span><span class="p">.</span><span class="nf">remove</span><span class="p">();</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">"</span><span class="s2">replace</span><span class="dl">"</span><span class="p">:</span> <span class="kd">const</span> <span class="nx">parser</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">DOMParser</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="nx">parser</span><span class="p">.</span><span class="nf">parseFromString</span><span class="p">(</span><span class="nx">response</span><span class="p">,</span> <span class="dl">"</span><span class="s2">text/html</span><span class="dl">"</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">target</span><span class="p">.</span><span class="nf">replaceWith</span><span class="p">(</span><span class="nx">doc</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">firstChild</span><span class="p">);</span> <span class="k">break</span><span class="p">;</span> <span class="k">case</span> <span class="dl">"</span><span class="s2">update</span><span class="dl">"</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">target</span><span class="p">.</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="nx">response</span><span class="p">;</span> <span class="k">break</span><span class="p">;</span> <span class="nl">default</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">target</span><span class="p">.</span><span class="nf">insertAdjacentHTML</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">action</span><span class="p">,</span> <span class="nx">response</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>Rails-ujs dispatches <a href="https://guides.rubyonrails.org/working_with_javascript_in_rails.html#rails-ujs-event-handlers" rel="noopener noreferrer">custom events</a> on the element creating the request. In our case we specifically listen for <code>ajax:error</code> and <code>ajax:success</code>. Those responses are returned via <code>event.detail[2]</code>.</li> <li>If the request was successful we simply update the DOM with the response according to the value of <code>this.actionValue</code>. We limit what actions can be used with <code>this.actionIsPermitted()</code>. These values are inspired by <a href="https://turbo.hotwired.dev/reference/streams#the-seven-actions" rel="noopener noreferrer">Turbo's seven actions</a> and are handled via <code>this.updateTarget()</code>.</li> <li>Since a request can come from a button, link, or form we need to conditionally handle rendering errors and clearing form data via <code>this.clearErrors()</code> and <code>this.clearForm()</code>. </li> </ul> </blockquote> <h3> Remote Element Markup </h3> <h4> Forms </h4> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;</span><span class="err">%=</span> <span class="na">form_with</span><span class="err">(</span> <span class="na">local:</span> <span class="na">false</span><span class="err">,</span> <span class="na">data:</span> <span class="err">{</span> <span class="na">controller:</span> <span class="err">"</span><span class="na">request</span><span class="err">",</span> <span class="na">request_target:</span> <span class="err">"</span><span class="na">form</span><span class="err">",</span> <span class="na">request_target_value:</span> <span class="err">"</span><span class="na">#some_dom_id</span><span class="err">",</span> <span class="na">request_action_value:</span> <span class="err">"</span><span class="na">afterbegin</span> <span class="err">|</span> <span class="na">afterend</span> <span class="err">|</span> <span class="na">beforebegin</span> <span class="err">|</span> <span class="na">beforeend</span> <span class="err">|</span> <span class="na">remove</span> <span class="err">|</span> <span class="na">replace</span> <span class="err">|</span> <span class="na">update</span><span class="err">"</span> <span class="err">})</span> <span class="na">do</span> <span class="err">|</span><span class="na">form</span><span class="err">|</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">data-request-target=</span><span class="s">"error"</span><span class="nt">&gt;&lt;/div&gt;</span> ... <span class="nt">&lt;</span><span class="err">%</span> <span class="na">end</span> <span class="err">%</span><span class="nt">&gt;</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We need to add <code>local: false</code> to ensure the form will make an AJAX request.</li> <li>The <code>request_target: "form"</code> data attribute ensures the form will be cleared via <code>this.clearForm()</code>.</li> <li>The <code>request_target_value</code> data attribute references an element on the page that will be updated when the response from the server is successful.</li> <li>The <code>request_action_value</code> data attribute determines how the <code>request_target_value</code> element will be updated when the response from the server is successful.</li> <li>We add <code>&lt;div data-request-target="error"&gt;&lt;/div&gt;</code> so we can render any errors in the form if the object is not valid. </li> </ul> </blockquote> <h4> Buttons </h4> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;</span><span class="err">%=</span> <span class="na">button_to</span><span class="err">(</span> <span class="na">remote:</span> <span class="na">true</span><span class="err">,</span> <span class="na">form:</span> <span class="err">{</span> <span class="na">data:</span> <span class="err">{</span> <span class="na">controller:</span> <span class="err">"</span><span class="na">request</span><span class="err">",</span> <span class="na">request_target_value:</span> <span class="err">"</span><span class="na">#some_dom_id</span><span class="err">",</span> <span class="na">request_action_value:</span> <span class="err">"</span><span class="na">afterbegin</span> <span class="err">|</span> <span class="na">afterend</span> <span class="err">|</span> <span class="na">beforebegin</span> <span class="err">|</span> <span class="na">beforeend</span> <span class="err">|</span> <span class="na">remove</span> <span class="err">|</span> <span class="na">replace</span> <span class="err">|</span> <span class="na">update</span><span class="err">"</span> <span class="err">}</span> <span class="err">}</span> <span class="err">)</span> <span class="na">do</span> <span class="err">%</span><span class="nt">&gt;</span> ... <span class="nt">&lt;</span><span class="err">%</span> <span class="na">end</span> <span class="err">%</span><span class="nt">&gt;</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We need to add <code>remote: true</code> to ensure the form will make an AJAX request.</li> <li>The <code>request_target_value</code> data attribute references an element on the page that will be updated when the response from the server is successful. Note that this is wrapped in <code>form: { data: {} }</code> since we need <a href="https://api.rubyonrails.org/classes/ActionView/Helpers/UrlHelper.html#method-i-button_to" rel="noopener noreferrer">this value to be set on the form and not the button</a>.</li> <li>The <code>request_action_value</code> data attribute determines how the <code>request_target_value</code> element will be updated when the response from the server is successful. Note that this is wrapped in <code>form: { data: {} }</code> since we need <a href="https://api.rubyonrails.org/classes/ActionView/Helpers/UrlHelper.html#method-i-button_to" rel="noopener noreferrer">this value to be set on the form and not the button</a>.</li> </ul> </blockquote> <h4> Links </h4> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;</span><span class="err">%=</span> <span class="na">link_to</span><span class="err">(</span> <span class="na">task.title</span><span class="err">,</span> <span class="na">task_path</span><span class="err">(</span><span class="na">task</span><span class="err">),</span> <span class="na">remote:</span> <span class="na">true</span><span class="err">,</span> <span class="na">data:</span> <span class="err">{</span> <span class="na">controller:</span> <span class="err">"</span><span class="na">request</span><span class="err">",</span> <span class="na">request_target_value:</span> <span class="err">"</span><span class="na">#some_dom_id</span><span class="err">",</span> <span class="na">request_action_value:</span> <span class="err">"</span><span class="na">afterbegin</span> <span class="err">|</span> <span class="na">afterend</span> <span class="err">|</span> <span class="na">beforebegin</span> <span class="err">|</span> <span class="na">beforeend</span> <span class="err">|</span> <span class="na">remove</span> <span class="err">|</span> <span class="na">replace</span> <span class="err">|</span> <span class="na">update</span><span class="err">"</span> <span class="err">}</span> <span class="err">)</span> <span class="err">%</span><span class="nt">&gt;</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We need to add <code>remote: true</code> to ensure the request will make an AJAX request.</li> <li>The <code>request_target_value</code> data attribute references an element on the page that will be updated when the response from the server is successful.</li> <li>The <code>request_action_value</code> data attribute determines how the <code>request_target_value</code> element will be updated when the response from the server is successful.</li> </ul> </blockquote> <h3> Controller Responses </h3> <h4> When Responding With a Partial </h4> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">TasksController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">create</span> <span class="vi">@task</span> <span class="o">=</span> <span class="no">Task</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="n">task_params</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@task</span><span class="p">.</span><span class="nf">save</span> <span class="n">render</span> <span class="vi">@task</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">partial: </span><span class="s2">"layouts/form_errors"</span><span class="p">,</span> <span class="ss">locals: </span><span class="p">{</span><span class="ss">object: </span><span class="vi">@task</span><span class="p">},</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>This action only returns <a href="https://guides.rubyonrails.org/layouts_and_rendering.html#using-partials" rel="noopener noreferrer">partials</a> instead of a full layout. If the <code>@task</code> is saved the server will respond with <code>app/views/tasks/_task.html.erb</code>. Otherwise it will respond with <code>layouts/_form_errors.html.erb</code>. In either case just the markup from the partial is returned instead of the full document.</li> </ul> </blockquote> <h4> When Responding With a Layout </h4> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">TasksController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">show</span> <span class="n">render</span> <span class="ss">layout: </span><span class="o">!</span><span class="n">request</span><span class="p">.</span><span class="nf">xhr?</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>This action will return the full page layout (in this case <code>app/views/tasks/show.html.erb</code>) unless the request was an <a href="https://api.rubyonrails.org/classes/ActionDispatch/Request.html#method-i-xhr-3F" rel="noopener noreferrer">xhr</a> request. If the request was made with xhr then only the content of <code>app/views/tasks/show.html.erb</code> will be returned instead of the full document. We could have set <code>layout: false</code> but there could be a case where we actually visit the route (<a href="https://www.example.com/tasks/1" rel="noopener noreferrer">https://www.example.com/tasks/1</a>). If we set <code>layout: false</code> then the response would be missing the actually page layout.</li> </ul> </blockquote> <h2> Example </h2> <p>Below is a real world example of how you can use remote elements to create a single page application in Rails.</p> <p><strong>Notes</strong></p> <ul> <li>Since it's a single page app, all requests are coming from the root path (<code>tasks#index</code>). </li> <li>The back button won't work as expected. For example, if you click on a task and then click the back button, you won't be brought back to the <code>tasks#index</code> since you're technically already there. Instead you'll be brought back to whatever page you were on last. This is why there are client side routing libraries such as <a href="https://reactrouter.com/" rel="noopener noreferrer">React Router</a>.</li> <li>In order to DRY up our code, we set the data attributes for some of the form partials in our controllers since we sometimes respond with a form partial. A good example of this is <code>tasks#edit</code> and <code>app/views/tasks/_form.html.erb</code>. </li> </ul> <h3> Routes </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="n">root</span> <span class="ss">to: </span><span class="s2">"tasks#index"</span> <span class="n">resources</span> <span class="ss">:tasks</span><span class="p">,</span> <span class="ss">except: </span><span class="p">[</span><span class="ss">:new</span><span class="p">]</span> <span class="k">do</span> <span class="n">resources</span> <span class="ss">:items</span> <span class="k">do</span> <span class="n">collection</span> <span class="k">do</span> <span class="n">put</span> <span class="s2">"mark_all_as_complete"</span> <span class="n">put</span> <span class="s2">"mark_all_as_incomplete"</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h3> Layout </h3> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- app/views/layouts/application.html.erb --&gt;</span> <span class="cp">&lt;!DOCTYPE html&gt;</span> <span class="nt">&lt;html&gt;</span> <span class="nt">&lt;head&gt;</span> <span class="nt">&lt;title&gt;</span>Rails Remote Elements Tutorial<span class="nt">&lt;/title&gt;</span> <span class="nt">&lt;meta</span> <span class="na">name=</span><span class="s">"viewport"</span> <span class="na">content=</span><span class="s">"width=device-width,initial-scale=1"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">csrf_meta_tags</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">csp_meta_tag</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">stylesheet_link_tag</span> <span class="err">'</span><span class="na">application</span><span class="err">',</span> <span class="na">media:</span> <span class="err">'</span><span class="na">all</span><span class="err">',</span> <span class="err">'</span><span class="na">data-turbolinks-track</span><span class="err">'</span><span class="na">:</span> <span class="err">'</span><span class="na">reload</span><span class="err">'</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">javascript_pack_tag</span> <span class="err">'</span><span class="na">application</span><span class="err">',</span> <span class="err">'</span><span class="na">data-turbolinks-track</span><span class="err">'</span><span class="na">:</span> <span class="err">'</span><span class="na">reload</span><span class="err">'</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;link</span> <span class="na">href=</span><span class="s">"https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css"</span> <span class="na">rel=</span><span class="s">"stylesheet"</span> <span class="na">integrity=</span><span class="s">"sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3"</span> <span class="na">crossorigin=</span><span class="s">"anonymous"</span><span class="nt">&gt;</span> <span class="nt">&lt;/head&gt;</span> <span class="nt">&lt;body&gt;</span> <span class="nt">&lt;main</span> <span class="na">class=</span><span class="s">"container-sm my-5"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"row justify-content-center"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"col col-5"</span> <span class="na">id=</span><span class="s">"content"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">yield</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/main&gt;</span> <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- app/views/layouts/_form_errors.html.erb --&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"alert alert-danger"</span> <span class="na">role=</span><span class="s">"alert"</span><span class="nt">&gt;</span> <span class="nt">&lt;ul</span> <span class="na">class=</span><span class="s">"mb-0"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%</span> <span class="na">object.errors.full_messages.each</span> <span class="na">do</span> <span class="err">|</span><span class="na">error</span><span class="err">|</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;li&gt;&lt;</span><span class="err">%=</span> <span class="na">error</span> <span class="err">%</span><span class="nt">&gt;&lt;/li&gt;</span> <span class="nt">&lt;</span><span class="err">%</span> <span class="na">end</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/ul&gt;</span> <span class="nt">&lt;/div&gt;</span> </code></pre> </div> <h3> Task Controller and Views </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/tasks_controller.rb</span> <span class="k">class</span> <span class="nc">TasksController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">before_action</span> <span class="ss">:set_task</span><span class="p">,</span> <span class="ss">except: </span><span class="p">[</span><span class="ss">:create</span><span class="p">,</span> <span class="ss">:index</span><span class="p">]</span> <span class="n">before_action</span> <span class="ss">:set_new_item_data_attributes</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:show</span><span class="p">]</span> <span class="n">before_action</span> <span class="ss">:set_edit_task_data_attributes</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:edit</span><span class="p">]</span> <span class="n">before_action</span> <span class="ss">:set_new_task_data_attributes</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:index</span><span class="p">]</span> <span class="k">def</span> <span class="nf">create</span> <span class="vi">@task</span> <span class="o">=</span> <span class="no">Task</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="n">task_params</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@task</span><span class="p">.</span><span class="nf">save</span> <span class="n">render</span> <span class="vi">@task</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">partial: </span><span class="s2">"layouts/form_errors"</span><span class="p">,</span> <span class="ss">locals: </span><span class="p">{</span><span class="ss">object: </span><span class="vi">@task</span><span class="p">},</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy</span> <span class="vi">@task</span><span class="p">.</span><span class="nf">destroy</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">edit</span> <span class="n">render</span> <span class="ss">partial: </span><span class="s2">"form"</span><span class="p">,</span> <span class="ss">locals: </span><span class="p">{</span><span class="ss">data_attributes: </span><span class="vi">@edit_task_data_attributes</span><span class="p">}</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">index</span> <span class="vi">@tasks</span> <span class="o">=</span> <span class="no">Task</span><span class="p">.</span><span class="nf">all</span><span class="p">.</span><span class="nf">order</span><span class="p">(</span><span class="ss">created_at: :desc</span><span class="p">)</span> <span class="vi">@task</span> <span class="o">=</span> <span class="no">Task</span><span class="p">.</span><span class="nf">new</span> <span class="n">render</span> <span class="ss">layout: </span><span class="o">!</span><span class="n">request</span><span class="p">.</span><span class="nf">xhr?</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">show</span> <span class="vi">@items</span> <span class="o">=</span> <span class="vi">@task</span><span class="p">.</span><span class="nf">items</span><span class="p">.</span><span class="nf">order</span><span class="p">(</span><span class="ss">created_at: :desc</span><span class="p">)</span> <span class="n">render</span> <span class="ss">layout: </span><span class="o">!</span><span class="n">request</span><span class="p">.</span><span class="nf">xhr?</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">update</span> <span class="k">if</span> <span class="vi">@task</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="n">task_params</span><span class="p">)</span> <span class="n">render</span> <span class="vi">@task</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">partial: </span><span class="s2">"layouts/form_errors"</span><span class="p">,</span> <span class="ss">locals: </span><span class="p">{</span><span class="ss">object: </span><span class="vi">@task</span><span class="p">},</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">set_new_item_data_attributes</span> <span class="vi">@new_item_data_attributes</span> <span class="o">=</span> <span class="p">{</span> <span class="ss">controller: </span><span class="s2">"request"</span><span class="p">,</span> <span class="ss">request_target: </span><span class="s2">"form"</span><span class="p">,</span> <span class="ss">request_target_value: </span><span class="s2">"#items"</span><span class="p">,</span> <span class="ss">request_action_value: </span><span class="s2">"afterbegin"</span> <span class="p">}</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">set_new_task_data_attributes</span> <span class="vi">@new_task_data_attributes</span> <span class="o">=</span> <span class="p">{</span> <span class="ss">controller: </span><span class="s2">"request"</span><span class="p">,</span> <span class="ss">request_target: </span><span class="s2">"form"</span><span class="p">,</span> <span class="ss">request_target_value: </span><span class="s2">"#tasks"</span><span class="p">,</span> <span class="ss">request_action_value: </span><span class="s2">"afterbegin"</span> <span class="p">}</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">set_edit_task_data_attributes</span> <span class="vi">@edit_task_data_attributes</span> <span class="o">=</span> <span class="p">{</span> <span class="ss">controller: </span><span class="s2">"request"</span><span class="p">,</span> <span class="ss">request_target: </span><span class="s2">"form"</span><span class="p">,</span> <span class="ss">request_target_value: </span><span class="s2">"#task_</span><span class="si">#{</span><span class="vi">@task</span><span class="p">.</span><span class="nf">id</span><span class="si">}</span><span class="s2">"</span><span class="p">,</span> <span class="ss">request_action_value: </span><span class="s2">"replace"</span> <span class="p">}</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">set_task</span> <span class="vi">@task</span> <span class="o">=</span> <span class="no">Task</span><span class="p">.</span><span class="nf">find</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:id</span><span class="p">])</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">task_params</span> <span class="n">params</span><span class="p">.</span><span class="nf">require</span><span class="p">(</span><span class="ss">:task</span><span class="p">).</span><span class="nf">permit</span><span class="p">(</span><span class="ss">:title</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- app/views/tasks/_form.html.erb --&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">form_with</span> <span class="na">model:</span> <span class="err">@</span><span class="na">task</span><span class="err">,</span> <span class="na">local:</span> <span class="na">false</span><span class="err">,</span> <span class="na">data:</span> <span class="na">data_attributes</span><span class="err">,</span> <span class="na">class:</span> <span class="err">"</span><span class="na">row</span> <span class="na">align-items-center</span><span class="err">"</span> <span class="na">do</span> <span class="err">|</span><span class="na">form</span><span class="err">|</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">data-request-target=</span><span class="s">"error"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">render</span> <span class="na">partial:</span> <span class="err">"</span><span class="na">layouts</span><span class="err">/</span><span class="na">form_errors</span><span class="err">",</span> <span class="na">locals:</span> <span class="err">{</span> <span class="na">object:</span> <span class="na">form.object</span> <span class="err">}</span> <span class="na">if</span> <span class="na">form.object.errors.any</span><span class="err">?</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"col-9"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">form.text_field</span> <span class="na">:title</span><span class="err">,</span> <span class="na">class:</span> <span class="err">"</span><span class="na">form-control</span><span class="err">"</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"col-3"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">form.submit</span> <span class="na">class:</span> <span class="err">"</span><span class="na">btn</span> <span class="na">btn-primary</span><span class="err">"</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;</span><span class="err">%</span> <span class="na">end</span> <span class="err">%</span><span class="nt">&gt;</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- app/views/tasks/_task.html.erb --&gt;</span> <span class="nt">&lt;li</span> <span class="na">class=</span><span class="s">"list-group-item list-group-item d-flex justify-content-between align-items-center"</span> <span class="na">id=</span><span class="s">"&lt;%= dom_id(task) %&gt;"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">link_to</span> <span class="na">task.title</span><span class="err">,</span> <span class="na">task_path</span><span class="err">(</span><span class="na">task</span><span class="err">),</span> <span class="na">class:</span> <span class="err">"</span><span class="na">fs-5</span> <span class="na">link-dark</span><span class="err">",</span> <span class="na">remote:</span> <span class="na">true</span><span class="err">,</span> <span class="na">data:</span> <span class="err">{</span> <span class="na">controller:</span> <span class="err">"</span><span class="na">request</span><span class="err">",</span> <span class="na">request_target_value:</span> <span class="err">"</span><span class="na">#content</span><span class="err">",</span> <span class="na">request_action_value:</span> <span class="err">"</span><span class="na">update</span><span class="err">"</span> <span class="err">}</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;div&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">link_to</span> <span class="err">"</span><span class="na">Edit</span><span class="err">",</span> <span class="na">edit_task_path</span><span class="err">(</span><span class="na">task</span><span class="err">),</span> <span class="na">class:</span> <span class="err">"</span><span class="na">link-secondary</span><span class="err">",</span> <span class="na">remote:</span> <span class="na">true</span><span class="err">,</span> <span class="na">data:</span> <span class="err">{</span> <span class="na">controller:</span> <span class="err">"</span><span class="na">request</span><span class="err">",</span> <span class="na">request_target_value:</span> <span class="err">"</span><span class="na">##</span><span class="err">{</span><span class="na">dom_id</span><span class="err">(</span><span class="na">task</span><span class="err">)}",</span> <span class="na">request_action_value:</span> <span class="err">"</span><span class="na">update</span><span class="err">"</span> <span class="err">}</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">link_to</span> <span class="err">"</span><span class="na">Delete</span><span class="err">",</span> <span class="na">task_path</span><span class="err">(</span><span class="na">task</span><span class="err">),</span> <span class="na">class:</span> <span class="err">"</span><span class="na">link-secondary</span><span class="err">",</span> <span class="na">method:</span> <span class="na">:delete</span><span class="err">,</span> <span class="na">remote:</span> <span class="na">true</span><span class="err">,</span> <span class="na">data:</span> <span class="err">{</span> <span class="na">controller:</span> <span class="err">"</span><span class="na">request</span><span class="err">",</span> <span class="na">request_target_value:</span> <span class="err">"</span><span class="na">##</span><span class="err">{</span><span class="na">dom_id</span><span class="err">(</span><span class="na">task</span><span class="err">)}",</span> <span class="na">request_action_value:</span> <span class="err">"</span><span class="na">remove</span><span class="err">"</span> <span class="err">}</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/li&gt;</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- app/views/tasks/index.html.erb --&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">render</span> <span class="na">partial:</span> <span class="err">"</span><span class="na">form</span><span class="err">",</span> <span class="na">locals:</span> <span class="err">{</span> <span class="na">data_attributes:</span> <span class="err">@</span><span class="na">new_task_data_attributes</span> <span class="err">}</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;ul</span> <span class="na">id=</span><span class="s">"tasks"</span> <span class="na">class=</span><span class="s">"mt-4 list-group list-group-flush"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">render</span> <span class="err">@</span><span class="na">tasks</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/ul&gt;</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- app/views/tasks/show.html.erb --&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">link_to</span> <span class="err">"</span><span class="na">Back</span> <span class="na">to</span> <span class="na">Tasks</span><span class="err">",</span> <span class="na">tasks_path</span><span class="err">,</span> <span class="na">remote:</span> <span class="na">true</span><span class="err">,</span> <span class="na">data:</span> <span class="err">{</span> <span class="na">controller:</span> <span class="err">"</span><span class="na">request</span><span class="err">",</span> <span class="na">request_target_value:</span> <span class="err">"</span><span class="na">#content</span><span class="err">",</span> <span class="na">request_action_value:</span> <span class="err">"</span><span class="na">update</span><span class="err">"</span> <span class="err">}</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;h1&gt;&lt;</span><span class="err">%=</span> <span class="err">@</span><span class="na">task.title</span> <span class="err">%</span><span class="nt">&gt;&lt;/h1&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"mb-4"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">render</span> <span class="na">partial:</span> <span class="err">"</span><span class="na">items</span><span class="err">/</span><span class="na">form</span><span class="err">",</span> <span class="na">locals:</span> <span class="err">{</span> <span class="na">object:</span> <span class="err">[@</span><span class="na">task</span><span class="err">,</span> <span class="err">@</span><span class="na">task.items.build</span><span class="err">],</span> <span class="na">data_attributes:</span> <span class="err">@</span><span class="na">new_item_data_attributes</span> <span class="err">}</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"row gx-2"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">button_to</span> <span class="err">"</span><span class="na">Mark</span> <span class="na">All</span> <span class="na">As</span> <span class="na">Complete</span><span class="err">",</span> <span class="na">mark_all_as_complete_task_items_path</span><span class="err">(@</span><span class="na">task</span><span class="err">),</span> <span class="na">method:</span> <span class="na">:put</span><span class="err">,</span> <span class="na">remote:</span> <span class="na">true</span><span class="err">,</span> <span class="na">form_class:</span> <span class="err">"</span><span class="na">col-4</span><span class="err">",</span> <span class="na">class:</span> <span class="err">"</span><span class="na">btn</span> <span class="na">btn-sm</span> <span class="na">btn-outline-secondary</span><span class="err">",</span> <span class="na">form:</span> <span class="err">{</span> <span class="na">data:</span> <span class="err">{</span> <span class="na">controller:</span> <span class="err">"</span><span class="na">request</span><span class="err">",</span> <span class="na">request_target_value:</span> <span class="err">"</span><span class="na">#items-container</span><span class="err">",</span> <span class="na">request_action_value:</span> <span class="err">"</span><span class="na">update</span><span class="err">"</span> <span class="err">}</span> <span class="err">}</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">button_to</span> <span class="err">"</span><span class="na">Mark</span> <span class="na">All</span> <span class="na">As</span> <span class="na">Incomplete</span><span class="err">",</span> <span class="na">mark_all_as_incomplete_task_items_path</span><span class="err">(@</span><span class="na">task</span><span class="err">),</span> <span class="na">method:</span> <span class="na">:put</span><span class="err">,</span> <span class="na">remote:</span> <span class="na">true</span><span class="err">,</span> <span class="na">form_class:</span> <span class="err">"</span><span class="na">col-4</span><span class="err">",</span> <span class="na">class:</span> <span class="err">"</span><span class="na">btn</span> <span class="na">btn-sm</span> <span class="na">btn-outline-secondary</span><span class="err">",</span> <span class="na">form:</span> <span class="err">{</span> <span class="na">data:</span> <span class="err">{</span> <span class="na">controller:</span> <span class="err">"</span><span class="na">request</span><span class="err">",</span> <span class="na">request_target_value:</span> <span class="err">"</span><span class="na">#items-container</span><span class="err">",</span> <span class="na">request_action_value:</span> <span class="err">"</span><span class="na">update</span><span class="err">"</span> <span class="err">}</span> <span class="err">}</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">id=</span><span class="s">"items-container"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">render</span> <span class="na">partial:</span> <span class="err">"</span><span class="na">items</span><span class="err">/</span><span class="na">items</span><span class="err">"</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> </code></pre> </div> <h3> Item Controller and Views </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/items_controller.rb</span> <span class="k">class</span> <span class="nc">ItemsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">before_action</span> <span class="ss">:set_item</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:destroy</span><span class="p">,</span> <span class="ss">:edit</span><span class="p">,</span> <span class="ss">:update</span><span class="p">]</span> <span class="n">before_action</span> <span class="ss">:set_task</span> <span class="n">before_action</span> <span class="ss">:set_edit_item_data_attributes</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:edit</span><span class="p">]</span> <span class="k">def</span> <span class="nf">create</span> <span class="vi">@item</span> <span class="o">=</span> <span class="vi">@task</span><span class="p">.</span><span class="nf">items</span><span class="p">.</span><span class="nf">build</span><span class="p">(</span><span class="n">item_params</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@item</span><span class="p">.</span><span class="nf">save</span> <span class="n">render</span> <span class="vi">@item</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">partial: </span><span class="s2">"layouts/form_errors"</span><span class="p">,</span> <span class="ss">locals: </span><span class="p">{</span><span class="ss">object: </span><span class="vi">@item</span><span class="p">},</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy</span> <span class="vi">@item</span><span class="p">.</span><span class="nf">destroy</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">edit</span> <span class="n">render</span> <span class="ss">partial: </span><span class="s2">"form"</span><span class="p">,</span> <span class="ss">locals: </span><span class="p">{</span><span class="ss">object: </span><span class="p">[</span><span class="vi">@task</span><span class="p">,</span> <span class="vi">@item</span><span class="p">],</span> <span class="ss">data_attributes: </span><span class="vi">@edit_item_data_attributes</span><span class="p">}</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">mark_all_as_complete</span> <span class="vi">@items</span> <span class="o">=</span> <span class="vi">@task</span><span class="p">.</span><span class="nf">items</span><span class="p">.</span><span class="nf">order</span><span class="p">(</span><span class="ss">created_at: :desc</span><span class="p">)</span> <span class="vi">@items</span><span class="p">.</span><span class="nf">update_all</span><span class="p">(</span><span class="ss">complete: </span><span class="kp">true</span><span class="p">)</span> <span class="n">render</span> <span class="ss">partial: </span><span class="s2">"items"</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">mark_all_as_incomplete</span> <span class="vi">@items</span> <span class="o">=</span> <span class="vi">@task</span><span class="p">.</span><span class="nf">items</span><span class="p">.</span><span class="nf">order</span><span class="p">(</span><span class="ss">created_at: :desc</span><span class="p">)</span> <span class="vi">@items</span><span class="p">.</span><span class="nf">update_all</span><span class="p">(</span><span class="ss">complete: </span><span class="kp">false</span><span class="p">)</span> <span class="n">render</span> <span class="ss">partial: </span><span class="s2">"items"</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">update</span> <span class="k">if</span> <span class="vi">@item</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="n">item_params</span><span class="p">)</span> <span class="n">render</span> <span class="vi">@item</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">partial: </span><span class="s2">"layouts/form_errors"</span><span class="p">,</span> <span class="ss">locals: </span><span class="p">{</span><span class="ss">object: </span><span class="vi">@item</span><span class="p">},</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">item_params</span> <span class="n">params</span><span class="p">.</span><span class="nf">require</span><span class="p">(</span><span class="ss">:item</span><span class="p">).</span><span class="nf">permit</span><span class="p">(</span><span class="ss">:title</span><span class="p">,</span> <span class="ss">:complete</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">set_edit_item_data_attributes</span> <span class="vi">@edit_item_data_attributes</span> <span class="o">=</span> <span class="p">{</span> <span class="ss">controller: </span><span class="s2">"request"</span><span class="p">,</span> <span class="ss">request_target: </span><span class="s2">"form"</span><span class="p">,</span> <span class="ss">request_target_value: </span><span class="s2">"#item_</span><span class="si">#{</span><span class="vi">@item</span><span class="p">.</span><span class="nf">id</span><span class="si">}</span><span class="s2">"</span><span class="p">,</span> <span class="ss">request_action_value: </span><span class="s2">"replace"</span> <span class="p">}</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">set_item</span> <span class="vi">@item</span> <span class="o">=</span> <span class="no">Item</span><span class="p">.</span><span class="nf">find</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:id</span><span class="p">])</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">set_task</span> <span class="vi">@task</span> <span class="o">=</span> <span class="no">Task</span><span class="p">.</span><span class="nf">find</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:task_id</span><span class="p">])</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- app/views/items/_form.html.erb --&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">form_with</span> <span class="na">model:</span> <span class="na">object</span><span class="err">,</span> <span class="na">local:</span> <span class="na">false</span><span class="err">,</span> <span class="na">data:</span> <span class="na">data_attributes</span><span class="err">,</span> <span class="na">class:</span> <span class="err">"</span><span class="na">row</span> <span class="na">align-items-center</span><span class="err">"</span> <span class="na">do</span> <span class="err">|</span><span class="na">form</span><span class="err">|</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">data-request-target=</span><span class="s">"error"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">render</span> <span class="na">partial:</span> <span class="err">"</span><span class="na">layouts</span><span class="err">/</span><span class="na">form_errors</span><span class="err">",</span> <span class="na">locals:</span> <span class="err">{</span> <span class="na">object:</span> <span class="na">form.object</span> <span class="err">}</span> <span class="na">if</span> <span class="na">form.object.errors.any</span><span class="err">?</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"col-9"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">form.text_field</span> <span class="na">:title</span><span class="err">,</span> <span class="na">class:</span> <span class="err">"</span><span class="na">form-control</span><span class="err">"</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"col-3"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">form.submit</span> <span class="na">class:</span> <span class="err">"</span><span class="na">btn</span> <span class="na">btn-primary</span><span class="err">"%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;</span><span class="err">%</span> <span class="na">end</span> <span class="err">%</span><span class="nt">&gt;</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- app/views/items/_item.html.erb --&gt;</span> <span class="nt">&lt;</span><span class="err">%</span> <span class="na">unless</span> <span class="na">item.new_record</span><span class="err">?</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;li</span> <span class="na">class=</span><span class="s">"list-group-item list-group-item d-flex justify-content-between align-items-center"</span> <span class="na">id=</span><span class="s">"&lt;%= dom_id(item) %&gt;"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"d-flex justify-content-between align-items-center"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">item.title</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">button_to</span> <span class="err">[</span><span class="na">item.task</span><span class="err">,</span> <span class="na">item</span><span class="err">],</span> <span class="na">class:</span> <span class="err">"</span><span class="na">btn</span> <span class="na">btn-link</span><span class="err">",</span> <span class="na">method:</span> <span class="na">:put</span><span class="err">,</span> <span class="na">remote:</span> <span class="na">true</span><span class="err">,</span> <span class="na">params:</span> <span class="err">{</span> <span class="na">item:</span> <span class="err">{</span> <span class="na">complete:</span> <span class="err">!</span><span class="na">item.complete</span> <span class="err">}</span> <span class="err">},</span> <span class="na">form:</span> <span class="err">{</span> <span class="na">data:</span> <span class="err">{</span> <span class="na">controller:</span> <span class="err">"</span><span class="na">request</span><span class="err">",</span> <span class="na">request_target_value:</span> <span class="err">"</span><span class="na">##</span><span class="err">{</span><span class="na">dom_id</span><span class="err">(</span><span class="na">item</span><span class="err">)}",</span> <span class="na">request_action_value:</span> <span class="err">"</span><span class="na">replace</span><span class="err">"</span> <span class="err">}</span> <span class="err">}</span> <span class="na">do</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">item.complete</span><span class="err">?</span> <span class="err">?</span> <span class="err">"</span><span class="na">Mark</span> <span class="na">as</span> <span class="na">incomplete</span><span class="err">"</span> <span class="na">:</span> <span class="err">"</span><span class="na">Mark</span> <span class="na">as</span> <span class="na">complete</span><span class="err">"</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%</span> <span class="na">end</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">link_to</span> <span class="err">"</span><span class="na">Edit</span><span class="err">",</span> <span class="na">edit_task_item_path</span><span class="err">(</span><span class="na">item.task</span><span class="err">,</span> <span class="na">item</span><span class="err">),</span> <span class="na">class:</span> <span class="err">"</span><span class="na">link-secondary</span><span class="err">",</span> <span class="na">remote:</span> <span class="na">true</span><span class="err">,</span> <span class="na">data:</span> <span class="err">{</span> <span class="na">controller:</span> <span class="err">"</span><span class="na">request</span><span class="err">",</span> <span class="na">request_target_value:</span> <span class="err">"</span><span class="na">##</span><span class="err">{</span><span class="na">dom_id</span><span class="err">(</span><span class="na">item</span><span class="err">)}",</span> <span class="na">request_action_value:</span> <span class="err">"</span><span class="na">update</span><span class="err">"</span> <span class="err">}</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">link_to</span> <span class="err">"</span><span class="na">Delete</span><span class="err">",</span> <span class="na">task_item_path</span><span class="err">(</span><span class="na">item.task</span><span class="err">,</span> <span class="na">item</span><span class="err">),</span> <span class="na">class:</span> <span class="err">"</span><span class="na">link-secondary</span><span class="err">",</span> <span class="na">method:</span> <span class="na">:delete</span><span class="err">,</span> <span class="na">remote:</span> <span class="na">true</span><span class="err">,</span> <span class="na">data:</span> <span class="err">{</span> <span class="na">controller:</span> <span class="err">"</span><span class="na">request</span><span class="err">",</span> <span class="na">request_target_value:</span> <span class="err">"</span><span class="na">##</span><span class="err">{</span><span class="na">dom_id</span><span class="err">(</span><span class="na">item</span><span class="err">)}",</span> <span class="na">request_action_value:</span> <span class="err">"</span><span class="na">remove</span><span class="err">"</span> <span class="err">}</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/li&gt;</span> <span class="nt">&lt;</span><span class="err">%</span> <span class="na">end</span> <span class="err">%</span><span class="nt">&gt;</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- app/views/items/_items.html.erb --&gt;</span> <span class="nt">&lt;ul</span> <span class="na">id=</span><span class="s">"items"</span> <span class="na">class=</span><span class="s">"mt-4 list-group list-group-flush"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">render</span> <span class="err">@</span><span class="na">items</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/ul&gt;</span> </code></pre> </div> <p>Did you like this post? <a href="https://twitter.com/stevepolitodsgn" rel="noopener noreferrer">Follow me on Twitter</a> to get even more tips.</p> tutorial rails Lazy Load Content in Rails from Scratch Steve Polito Sun, 17 Oct 2021 12:19:24 +0000 https://dev.to/stevepolitodesign/lazy-load-content-in-rails-from-scratch-4hcm https://dev.to/stevepolitodesign/lazy-load-content-in-rails-from-scratch-4hcm <h1> Lazy Load Content in Rails from Scratch </h1> <p>Are certain pages on your Rails app loading slowly? You might want to consider loading those requests in the background. It's easier than you think. In this tutorial I'll show you how to lazy load content in Rails without Hotwire.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--UY9bCJYr--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_66%2Cw_880/https://raw.githubusercontent.com/stevepolitodesign/rails-lazy-load-content-from-scratch/main/public/demo.gif" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--UY9bCJYr--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_66%2Cw_880/https://raw.githubusercontent.com/stevepolitodesign/rails-lazy-load-content-from-scratch/main/public/demo.gif" alt="Demo" width="800" height="500"></a></p> <h2> References </h2> <ul> <li><a href="https://boringrails.com/tips/turboframe-lazy-load-skeleton">Lazy-loading content with Turbo Frames and skeleton loader</a></li> <li><a href="https://boringrails.com/articles/hovercards-stimulus/">Building GitHub-style Hovercards with StimulusJS and HTML-over-the-wire</a></li> </ul> <h2> Formula </h2> <ol> <li>Create an endpoint that does not return a layout. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">LazyLoad::PostsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">index</span> <span class="vi">@posts</span> <span class="o">=</span> <span class="no">Post</span><span class="p">.</span><span class="nf">all</span> <span class="n">render</span> <span class="ss">partial: </span><span class="s2">"lazy_load/posts/post"</span><span class="p">,</span> <span class="ss">collection: </span><span class="vi">@posts</span><span class="p">,</span> <span class="ss">layout: </span><span class="kp">false</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Add a <a href="https://getbootstrap.com/docs/5.1/components/placeholders/#example">placeholder</a> element onto the page that will represent where the content will be loaded. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;div</span> <span class="na">data-controller=</span><span class="s">"lazy-load"</span> <span class="na">data-lazy-load-url-value=</span><span class="s">"&lt;%= lazy_load_posts_path %&gt;"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">data-lazy-load-target=</span><span class="s">"output"</span> <span class="na">class=</span><span class="s">"d-grid gap-3"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">render</span> <span class="na">partial:</span> <span class="err">"</span><span class="na">shared</span><span class="err">/</span><span class="na">placeholder</span><span class="err">"</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> </code></pre> </div> <ol> <li>Make a <a href="https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch">Fetch request</a> to the endpoint and replace the placeholder with the response from the endpoint. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Controller</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@hotwired/stimulus</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">class</span> <span class="kd">extends</span> <span class="nx">Controller</span> <span class="p">{</span> <span class="kd">static</span> <span class="nx">targets</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">output</span><span class="dl">"</span><span class="p">];</span> <span class="kd">static</span> <span class="nx">values</span> <span class="o">=</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="nb">String</span> <span class="p">};</span> <span class="nx">connect</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">request</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Request</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">urlValue</span><span class="p">)</span> <span class="k">this</span><span class="p">.</span><span class="nx">fetchContent</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">request</span><span class="p">);</span> <span class="p">}</span> <span class="nx">fetchContent</span><span class="p">(</span><span class="nx">request</span><span class="p">)</span> <span class="p">{</span> <span class="nx">fetch</span><span class="p">(</span><span class="nx">request</span><span class="p">)</span> <span class="p">.</span><span class="nx">then</span><span class="p">((</span><span class="nx">response</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">200</span><span class="p">)</span> <span class="p">{</span> <span class="nx">response</span><span class="p">.</span><span class="nx">text</span><span class="p">().</span><span class="nx">then</span><span class="p">((</span><span class="nx">text</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">renderContent</span><span class="p">(</span><span class="nx">text</span><span class="p">)));</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">renderContent</span><span class="p">(</span><span class="dl">"</span><span class="s2">Could not load data</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">((</span><span class="nx">error</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">renderContent</span><span class="p">(</span><span class="dl">"</span><span class="s2">Could not load data</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">renderContent</span><span class="p">(</span><span class="nx">content</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">outputTarget</span><span class="p">.</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="nx">content</span> <span class="k">this</span><span class="p">.</span><span class="nx">dispatchEvent</span><span class="p">(</span><span class="dl">"</span><span class="s2">lazy_load:complete</span><span class="dl">"</span><span class="p">)</span> <span class="p">}</span> <span class="nx">dispatchEvent</span><span class="p">(</span><span class="nx">eventName</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">event</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Event</span><span class="p">(</span><span class="nx">eventName</span><span class="p">);</span> <span class="nb">document</span><span class="p">.</span><span class="nx">dispatchEvent</span><span class="p">(</span><span class="nx">event</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Example </h2> <h3> Step 1: Create Endpoints </h3> <ol> <li>Generate namespaced controllers. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails g controller lazy_load/posts rails g controller lazy_load/users </code></pre> </div> <ol> <li>Add namespaced routes with default values. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="o">...</span> <span class="n">namespace</span> <span class="ss">:lazy_load</span> <span class="k">do</span> <span class="n">defaults</span> <span class="ss">layout: </span><span class="kp">false</span> <span class="k">do</span> <span class="n">resources</span> <span class="ss">:posts</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:index</span><span class="p">]</span> <span class="n">resources</span> <span class="ss">:users</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:index</span><span class="p">]</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Build controller actions. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/lazy_load/posts_controller.rb</span> <span class="k">class</span> <span class="nc">LazyLoad::PostsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">index</span> <span class="vi">@posts</span> <span class="o">=</span> <span class="no">Post</span><span class="p">.</span><span class="nf">all</span> <span class="n">render</span> <span class="ss">partial: </span><span class="s2">"lazy_load/posts/post"</span><span class="p">,</span> <span class="ss">collection: </span><span class="vi">@posts</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/lazy_load/posts_controller.rb</span> <span class="k">class</span> <span class="nc">LazyLoad::UsersController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">index</span> <span class="vi">@users</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">all</span> <span class="n">render</span> <span class="ss">partial: </span><span class="s2">"lazy_load/users/user"</span><span class="p">,</span> <span class="ss">collection: </span><span class="vi">@users</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Build views.</li> </ol> <h4> Card </h4> <div class="highlight js-code-highlight"> <pre class="highlight html"><code># app/views/shared/_card.html.erb <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"card"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"card-body"</span><span class="nt">&gt;</span> <span class="nt">&lt;h5</span> <span class="na">class=</span><span class="s">"card-title"</span><span class="nt">&gt;&lt;</span><span class="err">%=</span> <span class="na">title</span> <span class="err">%</span><span class="nt">&gt;&lt;/h5&gt;</span> <span class="nt">&lt;p</span> <span class="na">class=</span><span class="s">"card-text"</span><span class="nt">&gt;&lt;</span><span class="err">%=</span> <span class="na">body</span> <span class="err">%</span><span class="nt">&gt;&lt;/p&gt;</span> <span class="nt">&lt;p</span> <span class="na">class=</span><span class="s">"card-text"</span><span class="nt">&gt;&lt;small</span> <span class="na">class=</span><span class="s">"text-muted"</span><span class="nt">&gt;&lt;</span><span class="err">%=</span> <span class="na">timestamp</span> <span class="err">%</span><span class="nt">&gt;&lt;/small&gt;&lt;/p&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> </code></pre> </div> <h4> Placeholder Card Variant </h4> <div class="highlight js-code-highlight"> <pre class="highlight html"><code># app/views/shared/_card.html+empty.erb <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"card mb-3"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"card-body"</span><span class="nt">&gt;</span> <span class="nt">&lt;p</span> <span class="na">aria-hidden=</span><span class="s">"true"</span> <span class="na">class=</span><span class="s">"d-grid gap-3 placeholder-glow"</span><span class="nt">&gt;</span> <span class="nt">&lt;span</span> <span class="na">class=</span><span class="s">"placeholder col-12 placeholder-lg"</span><span class="nt">&gt;&lt;/span&gt;</span> <span class="nt">&lt;span</span> <span class="na">class=</span><span class="s">"placeholder col-6"</span><span class="nt">&gt;&lt;/span&gt;</span> <span class="nt">&lt;span</span> <span class="na">class=</span><span class="s">"placeholder col-6 placeholder-xs"</span><span class="nt">&gt;&lt;/span&gt;</span> <span class="nt">&lt;/p&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> </code></pre> </div> <h4> List Group </h4> <div class="highlight js-code-highlight"> <pre class="highlight html"><code># app/views/shared/_list_group.html.erb <span class="nt">&lt;li</span> <span class="na">class=</span><span class="s">"list-group-item d-flex justify-content-between align-items-start"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"ms-2 me-auto"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"fw-bold"</span><span class="nt">&gt;&lt;</span><span class="err">%=</span> <span class="na">name</span> <span class="err">%</span><span class="nt">&gt;&lt;/div&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">email</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;a</span> <span class="na">href=</span><span class="s">"#"</span> <span class="na">data-bs-toggle=</span><span class="s">"tooltip"</span> <span class="na">data-bs-placement=</span><span class="s">"top"</span> <span class="na">title=</span><span class="s">"&lt;%= tooltip %&gt;"</span><span class="nt">&gt;</span> <span class="nt">&lt;svg</span> <span class="na">xmlns=</span><span class="s">"http://www.w3.org/2000/svg"</span> <span class="na">width=</span><span class="s">"16"</span> <span class="na">height=</span><span class="s">"16"</span> <span class="na">fill=</span><span class="s">"currentColor"</span> <span class="na">class=</span><span class="s">"bi bi-info-circle"</span> <span class="na">viewBox=</span><span class="s">"0 0 16 16"</span><span class="nt">&gt;</span> <span class="nt">&lt;path</span> <span class="na">d=</span><span class="s">"M8 15A7 7 0 1 1 8 1a7 7 0 0 1 0 14zm0 1A8 8 0 1 0 8 0a8 8 0 0 0 0 16z"</span><span class="nt">/&gt;</span> <span class="nt">&lt;path</span> <span class="na">d=</span><span class="s">"m8.93 6.588-2.29.287-.082.38.45.083c.294.07.352.176.288.469l-.738 3.468c-.194.897.105 1.319.808 1.319.545 0 1.178-.252 1.465-.598l.088-.416c-.2.176-.492.246-.686.246-.275 0-.375-.193-.304-.533L8.93 6.588zM9 4.5a1 1 0 1 1-2 0 1 1 0 0 1 2 0z"</span><span class="nt">/&gt;</span> <span class="nt">&lt;/svg&gt;</span> <span class="nt">&lt;/a&gt;</span> <span class="nt">&lt;/li&gt;</span> </code></pre> </div> <h4> Post </h4> <div class="highlight js-code-highlight"> <pre class="highlight html"><code># app/views/lazy_load/posts/_post.html.erb <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">render</span> <span class="na">partial:</span> <span class="err">"</span><span class="na">shared</span><span class="err">/</span><span class="na">card</span><span class="err">",</span> <span class="na">locals:</span> <span class="err">{</span> <span class="na">title:</span> <span class="na">post.title</span><span class="err">,</span> <span class="na">body:</span> <span class="na">post.body</span><span class="err">,</span> <span class="na">timestamp:</span> <span class="na">time_ago_in_words</span><span class="err">(</span><span class="na">post.updated_at</span><span class="err">)</span> <span class="err">}</span> <span class="err">%</span><span class="nt">&gt;</span> </code></pre> </div> <h4> User </h4> <div class="highlight js-code-highlight"> <pre class="highlight html"><code># app/views/lazy_load/users/_user.html.erb <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">render</span> <span class="na">partial:</span> <span class="err">"</span><span class="na">shared</span><span class="err">/</span><span class="na">list_group</span><span class="err">",</span> <span class="na">locals:</span> <span class="err">{</span> <span class="na">name:</span> <span class="na">user.name</span><span class="err">,</span> <span class="na">email:</span> <span class="na">user.email</span><span class="err">,</span> <span class="na">tooltip:</span> <span class="na">pluralize</span><span class="err">(</span><span class="na">user.posts.size</span><span class="err">,</span> <span class="err">'</span><span class="na">Post</span><span class="err">')</span> <span class="err">}</span> <span class="err">%</span><span class="nt">&gt;</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We create a <a href="https://guides.rubyonrails.org/routing.html#controller-namespaces-and-routing">namespaced route and controller</a>. This isn't required, but it helps keep our endpoints organized. We're also not limited to just <code>index</code> actions either.</li> <li>We set a <a href="https://guides.rubyonrails.org/routing.html#defining-defaults">default</a> for those endpoints to <a href="https://guides.rubyonrails.org/layouts_and_rendering.html#options-for-render">not render a layout</a>. This means that just the raw HTML for the partials will be returned.</li> <li>We choose to create custom views for each endpoint, but we could use the existing views or partials if we wanted to. This is just personal preference.</li> </ul> </blockquote> <p>If you navigate to <a href="http://localhost:3000/lazy_load/users">http://localhost:3000/lazy_load/users</a> you should see that the content has loaded without a layout.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--GkalGYU6--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/uuow6duf71vjna4w8q7v.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--GkalGYU6--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/uuow6duf71vjna4w8q7v.png" alt="Web response" width="880" height="565"></a></p> <p>If you open the network tab you will see that the server responded with raw HTML without a layout.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--VRPiXdrJ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hsrhf5hva6thjnysuh8e.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--VRPiXdrJ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hsrhf5hva6thjnysuh8e.png" alt="Network Response" width="880" height="259"></a></p> <h3> Step 2: Build a Stimulus Controller </h3> <ol> <li>Create a Stimulus Controller to fetch data from the endpoints. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// app/javascript/controllers/lazy_load_controller.js</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Controller</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@hotwired/stimulus</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">class</span> <span class="kd">extends</span> <span class="nx">Controller</span> <span class="p">{</span> <span class="kd">static</span> <span class="nx">targets</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">output</span><span class="dl">"</span><span class="p">];</span> <span class="kd">static</span> <span class="nx">values</span> <span class="o">=</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="nb">String</span> <span class="p">};</span> <span class="nx">connect</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">request</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Request</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">urlValue</span><span class="p">)</span> <span class="k">this</span><span class="p">.</span><span class="nx">fetchContent</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">request</span><span class="p">);</span> <span class="p">}</span> <span class="nx">fetchContent</span><span class="p">(</span><span class="nx">request</span><span class="p">)</span> <span class="p">{</span> <span class="nx">fetch</span><span class="p">(</span><span class="nx">request</span><span class="p">)</span> <span class="p">.</span><span class="nx">then</span><span class="p">((</span><span class="nx">response</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">200</span><span class="p">)</span> <span class="p">{</span> <span class="nx">response</span><span class="p">.</span><span class="nx">text</span><span class="p">().</span><span class="nx">then</span><span class="p">((</span><span class="nx">text</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">renderContent</span><span class="p">(</span><span class="nx">text</span><span class="p">)));</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">renderContent</span><span class="p">(</span><span class="dl">"</span><span class="s2">Could not load data</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">((</span><span class="nx">error</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">renderContent</span><span class="p">(</span><span class="dl">"</span><span class="s2">Could not load data</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">renderContent</span><span class="p">(</span><span class="nx">content</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">outputTarget</span><span class="p">.</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="nx">content</span> <span class="k">this</span><span class="p">.</span><span class="nx">dispatchEvent</span><span class="p">(</span><span class="dl">"</span><span class="s2">lazy_load:complete</span><span class="dl">"</span><span class="p">)</span> <span class="p">}</span> <span class="nx">dispatchEvent</span><span class="p">(</span><span class="nx">eventName</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">event</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Event</span><span class="p">(</span><span class="nx">eventName</span><span class="p">);</span> <span class="nb">document</span><span class="p">.</span><span class="nx">dispatchEvent</span><span class="p">(</span><span class="nx">event</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <ol> <li>Use the following markup to connect to the Stimulus Controller. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;div</span> <span class="na">data-controller=</span><span class="s">"lazy-load"</span> <span class="na">data-lazy-load-url-value=</span><span class="s">"&lt;%= lazy_load_users_path %&gt;"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">data-lazy-load-target=</span><span class="s">"output"</span> <span class="na">class=</span><span class="s">"d-grid gap-3"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%</span> <span class="err">5.</span><span class="na">times</span> <span class="na">do</span> <span class="err">|</span><span class="na">i</span><span class="err">|</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">render</span> <span class="na">partial:</span> <span class="err">"</span><span class="na">shared</span><span class="err">/</span><span class="na">card</span><span class="err">",</span> <span class="na">variants:</span> <span class="err">[</span><span class="na">:empty</span><span class="err">]</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%</span> <span class="na">end</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We could just use vanilla JavaScript instead of <a href="https://stimulus.hotwired.dev/">Stimulus</a>, but Stimulus pairs nicely with Rails and will make it easy to get up and running with this feature quickly.</li> <li>When the Stimulus Controller first connects, it will make a <a href="https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API">fetch request</a> to whatever value is stored in the <code>data-lazy-load-url-value</code> attribute. This keeps our Stimulus Controller flexible and reusable.</li> <li>If the request was successful we replace the placeholder with the response. Note that we call <a href="https://developer.mozilla.org/en-US/docs/Web/API/Request/text">response.text()</a> in order to return the response into a String.</li> <li>If the request was not successful, we simply replace the placeholder with an error message.</li> <li>In all cases we <a href="https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/dispatchEvent">dispatch a custom event</a> on the <code>document</code>. We could call this event anything we want, but it's helpful to namespace it to avoid naming collisions with other libraries or specs. This is what <a href="https://github.com/rails/rails/commit/ad3a47759e67a411f3534309cdd704f12f6930a7#diff-d4469d4947657c8f2640db112c7ab2ec70c5ef16e4d49a16ee457a9a857da01cR68">Rails UJS</a> does, and is helpful in cases where you need to re-initialize JavaScript for elements that were just added to the DOM. In our case this is helpful for re-initializing tooltips. </li> </ul> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// app/javascript/controllers/application.js</span> <span class="nb">document</span><span class="p">.</span><span class="nx">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">lazy_load:complete</span><span class="dl">"</span><span class="p">,</span> <span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="nx">initilizeToolTips</span><span class="p">();</span> <span class="p">});</span> <span class="kd">function</span> <span class="nx">initilizeToolTips</span><span class="p">()</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">tooltipTriggerList</span> <span class="o">=</span> <span class="p">[].</span><span class="nx">slice</span><span class="p">.</span><span class="nx">call</span><span class="p">(</span><span class="nb">document</span><span class="p">.</span><span class="nx">querySelectorAll</span><span class="p">(</span><span class="dl">'</span><span class="s1">[data-bs-toggle="tooltip"]</span><span class="dl">'</span><span class="p">))</span> <span class="kd">var</span> <span class="nx">tooltipList</span> <span class="o">=</span> <span class="nx">tooltipTriggerList</span><span class="p">.</span><span class="nx">map</span><span class="p">(</span><span class="kd">function</span> <span class="p">(</span><span class="nx">tooltipTriggerEl</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nx">bootstrap</span><span class="p">.</span><span class="nx">Tooltip</span><span class="p">(</span><span class="nx">tooltipTriggerEl</span><span class="p">)</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <h3> Step 2: Putting it all Together </h3> <ol> <li>Create a new Controller. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g controller Homescreens show </code></pre> </div> <ol> <li>Update the routes. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="n">root</span> <span class="ss">to: </span><span class="s2">"homescreens#show"</span> <span class="n">resource</span> <span class="ss">:homescreen</span><span class="p">,</span> <span class="ss">only: :show</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Add markup to lazy load content users and posts. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight html"><code># app/views/homescreens/show.html.erb <span class="nt">&lt;div</span> <span class="na">data-controller=</span><span class="s">"lazy-load"</span> <span class="na">data-lazy-load-url-value=</span><span class="s">"&lt;%= lazy_load_posts_path %&gt;"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">data-lazy-load-target=</span><span class="s">"output"</span> <span class="na">class=</span><span class="s">"d-grid gap-3"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%</span> <span class="err">5.</span><span class="na">times</span> <span class="na">do</span> <span class="err">|</span><span class="na">i</span><span class="err">|</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%=</span> <span class="na">render</span> <span class="na">partial:</span> <span class="err">"</span><span class="na">shared</span><span class="err">/</span><span class="na">card</span><span class="err">",</span> <span class="na">variants:</span> <span class="err">[</span><span class="na">:empty</span><span class="err">]</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%</span> <span class="na">end</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;</span><span class="err">%</span> <span class="na">content_for</span> <span class="na">:left_column</span> <span class="na">do</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">data-controller=</span><span class="s">"lazy-load"</span> <span class="na">data-lazy-load-url-value=</span><span class="s">"&lt;%= lazy_load_users_path %&gt;"</span><span class="nt">&gt;</span> <span class="nt">&lt;ul</span> <span class="na">data-lazy-load-target=</span><span class="s">"output"</span> <span class="na">class=</span><span class="s">"list-group list-group-flush list-unstyled"</span><span class="nt">&gt;</span> <span class="nt">&lt;</span><span class="err">%</span> <span class="err">5.</span><span class="na">times</span> <span class="na">do</span> <span class="err">|</span><span class="na">i</span><span class="err">|</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;li&gt;&lt;</span><span class="err">%=</span> <span class="na">render</span> <span class="na">partial:</span> <span class="err">"</span><span class="na">shared</span><span class="err">/</span><span class="na">card</span><span class="err">",</span> <span class="na">variants:</span> <span class="err">[</span><span class="na">:empty</span><span class="err">]</span> <span class="err">%</span><span class="nt">&gt;&lt;/li&gt;</span> <span class="nt">&lt;</span><span class="err">%</span> <span class="na">end</span> <span class="err">%</span><span class="nt">&gt;</span> <span class="nt">&lt;/ul&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;</span><span class="err">%</span> <span class="na">end</span> <span class="err">%</span><span class="nt">&gt;</span> </code></pre> </div> <p>Did you like this post? <a href="https://twitter.com/stevepolitodsgn">Follow me on Twitter</a> to get even more tips.</p> rails tutorial I built a gem that makes it easy to automatically unsubscribe from emails in Rails. Steve Polito Tue, 28 Sep 2021 00:31:18 +0000 https://dev.to/stevepolitodesign/i-built-a-gem-that-makes-it-easy-to-automatically-unsubscribe-from-emails-in-rails-345o https://dev.to/stevepolitodesign/i-built-a-gem-that-makes-it-easy-to-automatically-unsubscribe-from-emails-in-rails-345o <h1> Source Code </h1> <p><a href="https://github.com/stevepolitodesign/unsubscribe">https://github.com/stevepolitodesign/unsubscribe</a></p> <h1> Demo </h1> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--QAsSdXnM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_66%2Cw_880/https://raw.githubusercontent.com/stevepolitodesign/unsubscribe/main/docs/demo.gif" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--QAsSdXnM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_66%2Cw_880/https://raw.githubusercontent.com/stevepolitodesign/unsubscribe/main/docs/demo.gif" alt="Demo" width="800" height="430"></a></p> <h1> Docs </h1> <h2> 📭 Unsubscribe </h2> <p>Automatically unsubscribe from emails in Rails.</p> <h3> 🚀 Installation </h3> <p>Add this line to your application's Gemfile:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">gem</span> <span class="s1">'unsubscribe'</span> </code></pre> </div> <p>And then execute:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>bundle </code></pre> </div> <p>Or install it yourself as:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>gem <span class="nb">install </span>unsubscribe </code></pre> </div> <p>Then run the installation commands:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rails g unsubscribe:install rails unsubscribe:install:migrations rails db:migrate </code></pre> </div> <h3> 📚 Usage </h3> <h3> Unsubscribe::Owner </h3> <ul> <li>Add <code>include Unsubscribe::Owner</code> to a <code>Model</code>. The <code>Model</code> must have an <code>email</code> column. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="kp">include</span> <span class="no">Unsubscribe</span><span class="o">::</span><span class="no">Owner</span> <span class="k">end</span> </code></pre> </div> <h5> Available Methods </h5> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">User</span><span class="p">.</span><span class="nf">first</span><span class="p">.</span><span class="nf">mailer_subscriptions</span> <span class="c1"># =&gt; #&lt;ActiveRecord::Associations::CollectionProxy [#&lt;Unsubscribe::MailerSubscription&gt;, #&lt;Unsubscribe::MailerSubscription&gt;] &gt;</span> <span class="no">User</span><span class="p">.</span><span class="nf">first</span><span class="p">.</span><span class="nf">subscribed_to_mailer?</span> <span class="s2">"MarketingMailer"</span> <span class="c1"># =&gt; true/false</span> <span class="no">User</span><span class="p">.</span><span class="nf">first</span><span class="p">.</span><span class="nf">to_sgid_for_mailer_subscription</span> <span class="c1"># =&gt; #&lt;SignedGlobalID:123 ...&gt;</span> </code></pre> </div> <h4> Unsubscribe::Mailer </h4> <ul> <li>Add <code>include Unsubscribe::Mailer</code> to a <code>Mailer</code>.</li> <li>Optionally call <code>unsubscribe_settings</code> to set a <code>name</code> and <code>description</code>. This will be used in the unsubscribe page.</li> <li>Set <code>mail to:</code> to <code>@recipient.email</code>. The <code>@recipient</code> is an instance of whatever Class <code>include Unsubscribe::Owner</code> was added to. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">MarketingMailer</span> <span class="o">&lt;</span> <span class="no">ApplicationMailer</span> <span class="kp">include</span> <span class="no">Unsubscribe</span><span class="o">::</span><span class="no">Mailer</span> <span class="n">unsubscribe_settings</span> <span class="ss">name: </span><span class="s2">"Marketing Emails"</span><span class="p">,</span> <span class="ss">description: </span><span class="s2">"Updates on promotions and sales."</span> <span class="k">def</span> <span class="nf">promotion</span> <span class="n">mail</span> <span class="ss">to: </span><span class="vi">@recipient</span><span class="p">.</span><span class="nf">email</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ul> <li>Call the <code>Mailer</code> with a <code>recipient</code> parameter. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="no">MarketingMailer</span><span class="p">.</span><span class="nf">with</span><span class="p">(</span> <span class="ss">recipient: </span><span class="no">User</span><span class="p">.</span><span class="nf">first</span> <span class="p">).</span><span class="nf">promotion</span><span class="p">.</span><span class="nf">deliver_now</span> </code></pre> </div> <h4> Available Methods </h4> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">Unsubscribe</span><span class="o">::</span><span class="no">MailerSubscription</span><span class="p">.</span><span class="nf">first</span><span class="p">.</span><span class="nf">action</span> <span class="c1"># =&gt; "Unsubscribe from"/"Subscribe to"</span> <span class="no">Unsubscribe</span><span class="o">::</span><span class="no">MailerSubscription</span><span class="p">.</span><span class="nf">first</span><span class="p">.</span><span class="nf">call_to_action</span> <span class="c1"># =&gt; "Unsubscribe from Marketing Emails"/"Subscribe to Marketing Emails"</span> <span class="no">Unsubscribe</span><span class="o">::</span><span class="no">MailerSubscription</span><span class="p">.</span><span class="nf">first</span><span class="p">.</span><span class="nf">description</span> <span class="c1"># =&gt; "Updates on promotions and sales."</span> <span class="no">Unsubscribe</span><span class="o">::</span><span class="no">MailerSubscription</span><span class="p">.</span><span class="nf">first</span><span class="p">.</span><span class="nf">name</span> <span class="c1"># =&gt; "Marketing Emails"</span> </code></pre> </div> <h4> Unsubscribe Link </h4> <ul> <li>Add the <code>@unsubscribe_url</code> link to the <code>Mailer</code>. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;%= link_to "Unsubscribe", @unsubscribe_url %&gt; </code></pre> </div> <h3> ⚙️ Customize Templates </h3> <p>Run <code>rails g unsubscribe:views</code> if you want to modify the existing templates.</p> <h3> 🌐 I18n </h3> <p>The language used for <code>Unsubscribe::MailerSubscription#action</code> can be translated.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># config/locales/en.yml</span> <span class="na">en</span><span class="pi">:</span> <span class="na">unsubscribe</span><span class="pi">:</span> <span class="na">action</span><span class="pi">:</span> <span class="na">subscribe</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Subscribe</span><span class="nv"> </span><span class="s">to"</span> <span class="na">unsubscribe</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Unsubscribe</span><span class="nv"> </span><span class="s">from"</span> </code></pre> </div> <h3> 🙏 Contributing </h3> <p>If you'd like to open a PR please make sure the following things pass:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">bin</span><span class="o">/</span><span class="n">rails</span> <span class="nb">test</span> <span class="n">bundle</span> <span class="nb">exec</span> <span class="n">standardrb</span> </code></pre> </div> <h3> 📜 License </h3> <p>The gem is available as open source under the terms of the <a href="https://opensource.org/licenses/MIT">MIT License</a>.</p> showdev ruby rails Automatically Unsubscribe from Emails in Rails (and Control Email Preferences) Steve Polito Tue, 07 Sep 2021 10:07:12 +0000 https://dev.to/stevepolitodesign/automatically-unsubscribe-from-emails-in-rails-and-control-email-preferences-72g https://dev.to/stevepolitodesign/automatically-unsubscribe-from-emails-in-rails-and-control-email-preferences-72g <p>In this tutorial, I'll show you how to add a link to any Rails Mailer that will allow a user to automatically unsubscribe from that email. As an added bonus, we'll build a page allowing a user to update their email preferences across all mailers.</p> <p>Inspired by <a href="https://gorails.com/episodes/rails-email-unsubscribe-links" rel="noopener noreferrer">GoRails</a>.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiubixksdbdee55h5bdu7.gif" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiubixksdbdee55h5bdu7.gif" alt="demo"></a></p> <h2> Step 1: Build Mailers </h2> <ol> <li>Generate mailers. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g mailer marketing promotion rails g mailer notification notify </code></pre> </div> <ol> <li>Update previews by passing a user into the mailer. This assumes your database has at least one user record. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># test/mailers/previews/marketing_mailer_preview.rb</span> <span class="k">class</span> <span class="nc">MarketingMailerPreview</span> <span class="o">&lt;</span> <span class="no">ActionMailer</span><span class="o">::</span><span class="no">Preview</span> <span class="k">def</span> <span class="nf">promotion</span> <span class="no">MarketingMailer</span><span class="p">.</span><span class="nf">with</span><span class="p">(</span> <span class="ss">user: </span><span class="no">User</span><span class="p">.</span><span class="nf">first</span><span class="p">,</span> <span class="o">...</span> <span class="p">).</span><span class="nf">promotion</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># test/mailers/previews/notification_mailer_preview.rb</span> <span class="k">class</span> <span class="nc">NotificationMailerPreview</span> <span class="o">&lt;</span> <span class="no">ActionMailer</span><span class="o">::</span><span class="no">Preview</span> <span class="k">def</span> <span class="nf">notify</span> <span class="no">NotificationMailer</span><span class="p">.</span><span class="nf">with</span><span class="p">(</span> <span class="ss">user: </span><span class="no">User</span><span class="p">.</span><span class="nf">first</span> <span class="o">...</span> <span class="p">).</span><span class="nf">notify</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Step 2: Build a Model to Save Email Preferences </h2> <ol> <li>Generate the model and migration. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g model mailer_subscription user:references subscribed:boolean mailer:string </code></pre> </div> <ol> <li>Add a null constraint to the mailer column, and a unique index on the user_id and mailer columns. This will prevent duplicate records. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">CreateMailerSubscriptions</span> <span class="o">&lt;</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">Migration</span><span class="p">[</span><span class="mf">6.1</span><span class="p">]</span> <span class="k">def</span> <span class="nf">change</span> <span class="n">create_table</span> <span class="ss">:mailer_subscriptions</span> <span class="k">do</span> <span class="o">|</span><span class="n">t</span><span class="o">|</span> <span class="n">t</span><span class="p">.</span><span class="nf">references</span> <span class="ss">:user</span><span class="p">,</span> <span class="ss">null: </span><span class="kp">false</span><span class="p">,</span> <span class="ss">foreign_key: </span><span class="kp">true</span> <span class="n">t</span><span class="p">.</span><span class="nf">boolean</span> <span class="ss">:subscribed</span> <span class="n">t</span><span class="p">.</span><span class="nf">string</span> <span class="ss">:mailer</span><span class="p">,</span> <span class="ss">null: </span><span class="kp">false</span> <span class="n">t</span><span class="p">.</span><span class="nf">timestamps</span> <span class="k">end</span> <span class="n">add_index</span><span class="p">(</span><span class="ss">:mailer_subscriptions</span><span class="p">,</span> <span class="p">[</span><span class="ss">:user_id</span><span class="p">,</span> <span class="ss">:mailer</span><span class="p">],</span> <span class="ss">unique: </span><span class="kp">true</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We add <code>null: false</code> to the <code>mailer</code> column to prevent empty values from being saved, since this column is required.</li> <li>We add a <a href="https://api.rubyonrails.org/classes/ActiveRecord/ConnectionAdapters/SchemaStatements.html#method-i-add_index" rel="noopener noreferrer">unique index</a> on the <code>user_id</code> and <code>mailer</code> columns to prevent a user from having multiple preferences for a mailer.</li> </ul> </blockquote> <ol> <li>Run the migrations. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails db:migrate </code></pre> </div> <ol> <li>Build the MailerSubscription model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/mailer_subscription.rb</span> <span class="k">class</span> <span class="nc">MailerSubscription</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="n">belongs_to</span> <span class="ss">:user</span> <span class="no">MAILERS</span> <span class="o">=</span> <span class="no">OpenStruct</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span> <span class="ss">items: </span><span class="p">[</span> <span class="p">{</span> <span class="ss">class: </span><span class="s2">"MarketingMailer"</span><span class="p">,</span> <span class="ss">name: </span><span class="s2">"Marketing Emails"</span><span class="p">,</span> <span class="ss">description: </span><span class="s2">"Updates on promotions and sales."</span> <span class="p">},</span> <span class="p">{</span> <span class="ss">class: </span><span class="s2">"NotificationMailer"</span><span class="p">,</span> <span class="ss">name: </span><span class="s2">"Notification Emails"</span><span class="p">,</span> <span class="ss">description: </span><span class="s2">"Notifications from the website."</span> <span class="p">}</span> <span class="p">]</span> <span class="p">).</span><span class="nf">freeze</span> <span class="n">validates</span> <span class="ss">:subscribed</span><span class="p">,</span> <span class="ss">inclusion: </span><span class="p">[</span><span class="kp">true</span><span class="p">,</span> <span class="kp">false</span><span class="p">],</span> <span class="ss">allow_nil: </span><span class="kp">true</span> <span class="n">validates</span> <span class="ss">:mailer</span><span class="p">,</span> <span class="ss">presence: </span><span class="kp">true</span> <span class="n">validates</span> <span class="ss">:mailer</span><span class="p">,</span> <span class="ss">inclusion: </span><span class="no">MAILERS</span><span class="p">.</span><span class="nf">items</span><span class="p">.</span><span class="nf">map</span><span class="p">{</span> <span class="o">|</span><span class="n">item</span><span class="o">|</span> <span class="n">item</span><span class="p">[</span><span class="ss">:class</span><span class="p">]</span> <span class="p">}</span> <span class="n">validates</span> <span class="ss">:user</span><span class="p">,</span> <span class="ss">uniqueness: </span><span class="p">{</span> <span class="ss">scope: :mailer</span> <span class="p">}</span> <span class="c1"># @mailer_subscription.details</span> <span class="c1"># =&gt; [{:class =&gt; "MarketingMailer", :name =&gt; "Marketing Emails", :description =&gt; "Updates on promotions and sales."}]</span> <span class="k">def</span> <span class="nf">details</span> <span class="no">MailerSubscription</span><span class="o">::</span><span class="no">MAILERS</span><span class="p">.</span><span class="nf">items</span><span class="p">.</span><span class="nf">select</span> <span class="p">{</span><span class="o">|</span><span class="n">item</span><span class="o">|</span> <span class="n">item</span><span class="p">[</span><span class="ss">:class</span><span class="p">]</span> <span class="o">==</span> <span class="n">mailer</span> <span class="p">}</span> <span class="k">end</span> <span class="c1"># @mailer_subscription.name</span> <span class="c1"># =&gt; "Marketing Emails"</span> <span class="k">def</span> <span class="nf">name</span> <span class="n">details</span><span class="p">[</span><span class="mi">0</span><span class="p">][</span><span class="ss">:name</span><span class="p">]</span> <span class="k">end</span> <span class="c1"># @mailer_subscription.name</span> <span class="c1"># =&gt; "Updates on promotions and sales."</span> <span class="k">def</span> <span class="nf">description</span> <span class="n">details</span><span class="p">[</span><span class="mi">0</span><span class="p">][</span><span class="ss">:description</span><span class="p">]</span> <span class="k">end</span> <span class="c1"># @mailer_subscription.name</span> <span class="c1"># =&gt; "Subscribe to"</span> <span class="k">def</span> <span class="nf">action</span> <span class="n">subscribed?</span> <span class="p">?</span> <span class="s2">"Unsubscribe from"</span> <span class="p">:</span> <span class="s2">"Subscribe to"</span> <span class="k">end</span> <span class="c1"># @mailer_subscription.name</span> <span class="c1"># =&gt; "Subscribe to Marketing Emails"</span> <span class="k">def</span> <span class="nf">call_to_action</span> <span class="s2">"</span><span class="si">#{</span><span class="n">action</span><span class="si">}</span><span class="s2"> </span><span class="si">#{</span><span class="nb">name</span><span class="si">}</span><span class="s2">"</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here</strong></p> <ul> <li>We add a constant to store a list of mailers a user will be able to subscribe/unsubscribe from. The class value must match the name of a Mailer class. </li> <li>We use the values stored in the constant to constrain what values can be set on the <code>mailer</code> column. This prevents us from accidentally creating a record with an invalid mailer.</li> <li>We add a <a href="https://guides.rubyonrails.org/active_record_validations.html#uniqueness" rel="noopener noreferrer">uniqueness validator</a> between the <code>user</code> and <code>mailer</code>. This is made possible by the unique index we created in the migration. This will ensure a user cannot have multiple preferences for the same mailer.</li> <li>We use the values stored in the constant to create a variety of helper methods that can be used in views. </li> </ul> </blockquote> <ol> <li>Add method to check if a user is subscribed to a specific mailer. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/user.rb</span> <span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="n">has_many</span> <span class="ss">:mailer_subscriptions</span><span class="p">,</span> <span class="ss">dependent: :destroy</span> <span class="c1"># @user.subscribed_to_mailer? "MarketingMailer"</span> <span class="c1"># =&gt; true</span> <span class="k">def</span> <span class="nf">subscribed_to_mailer?</span><span class="p">(</span><span class="n">mailer</span><span class="p">)</span> <span class="no">MailerSubscription</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span> <span class="ss">user: </span><span class="nb">self</span><span class="p">,</span> <span class="ss">mailer: </span><span class="n">mailer</span><span class="p">,</span> <span class="ss">subscribed: </span><span class="kp">true</span> <span class="p">).</span><span class="nf">present?</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We add a method that checks if a user is subscribed to a particular mailer. If the method finds a matching record, then the user is subscribed. Otherwise, they are not. Note that this is an opt-in strategy. We're deliberately looking for records where <code>subscribed</code> is set to <code>true</code>. This means that if there is no record in the database, they'll be considered unsubscribed.</li> <li>To make this an opt-out strategy, you could simply replace <code>subscribed: true</code> with <code>subscribed: false</code>.</li> </ul> </blockquote> <h2> Step 3: Allow a User to Automatically Unsubscribe from a Mailer </h2> <ol> <li>Generate a controller to handle automatic unsubscribes. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g controller mailer_subscription_unsubcribes </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="o">...</span> <span class="n">resources</span> <span class="ss">:mailer_subscription_unsubcribes</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:show</span><span class="p">,</span> <span class="ss">:update</span><span class="p">]</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Build the endpoints. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/mailer_subscription_unsubcribes_controller.rb</span> <span class="k">class</span> <span class="nc">MailerSubscriptionUnsubcribesController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">before_action</span> <span class="ss">:set_user</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:show</span><span class="p">,</span> <span class="ss">:update</span><span class="p">]</span> <span class="n">before_action</span> <span class="ss">:set_mailer_subscription</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:show</span><span class="p">,</span> <span class="ss">:update</span><span class="p">]</span> <span class="k">def</span> <span class="nf">show</span> <span class="k">if</span> <span class="vi">@mailer_subscription</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="ss">subscribed: </span><span class="kp">false</span><span class="p">)</span> <span class="vi">@message</span> <span class="o">=</span> <span class="s2">"You've successfully unsubscribed from this email."</span> <span class="k">else</span> <span class="vi">@message</span> <span class="o">=</span> <span class="s2">"There was an error"</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">update</span> <span class="k">if</span> <span class="vi">@mailer_subscription</span><span class="p">.</span><span class="nf">toggle!</span><span class="p">(</span><span class="ss">:subscribed</span><span class="p">)</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Subscription updated."</span> <span class="k">else</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"There was an error."</span> <span class="k">end</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">set_user</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">GlobalID</span><span class="o">::</span><span class="no">Locator</span><span class="p">.</span><span class="nf">locate_signed</span> <span class="n">params</span><span class="p">[</span><span class="ss">:id</span><span class="p">]</span> <span class="vi">@message</span> <span class="o">=</span> <span class="s2">"There was an error"</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">nil?</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">set_mailer_subscription</span> <span class="vi">@mailer_subscription</span> <span class="o">=</span> <span class="no">MailerSubscription</span><span class="p">.</span><span class="nf">find_or_initialize_by</span><span class="p">(</span> <span class="ss">user: </span><span class="vi">@user</span><span class="p">,</span> <span class="ss">mailer: </span><span class="n">params</span><span class="p">[</span><span class="ss">:mailer</span><span class="p">]</span> <span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Build the view. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;%# app/views/mailer_subscription_unsubcribes/show.html.erb %&gt; &lt;h1&gt;Unsubscribe&lt;/h1&gt; &lt;p&gt;&lt;%= @message %&gt;&lt;/p&gt; &lt;%= button_to @mailer_subscription.call_to_action, mailer_subscription_unsubcribe_path, method: :patch, params: { mailer: params[:mailer] } if @mailer_subscription.present? %&gt; </code></pre> </div> <p>You can test this be getting the <a href="https://github.com/rails/globalid" rel="noopener noreferrer">Global ID</a> of a user and going to the endpoint.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">User</span><span class="p">.</span><span class="nf">first</span><span class="p">.</span><span class="nf">to_sgid</span><span class="p">.</span><span class="nf">to_s</span> <span class="c1"># =&gt; "abc123..."</span> </code></pre> </div> <p><a href="http://localhost:3000/mailer_subscription_unsubcribes/abc123...?mailer=MarketingMailer" rel="noopener noreferrer">http://localhost:3000/mailer_subscription_unsubcribes/abc123...?mailer=MarketingMailer</a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fngdqd5yyb1rh154hchdu.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fngdqd5yyb1rh154hchdu.png" alt="Page where a user can auto unsubscribe from mailer"></a></p> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We create an endpoint that will automatically unsubscribe a user from a particular mailer. This is a little unconventional since we're creating a record on a GET request (instead of a POST request). We're forced to do this because a user will be clicking a link from an email to unsubscribe. If emails supported forms, we could create a POST request.</li> <li>We add a button on that page that will allow the user to resubscribe to the mailer. Note that we don't redirect back to the <code>show</code> action because that would end up unsubscribing the user from the mailer again.</li> <li>We find the user through their GlobalID in the URL which makes the URLs difficult to discover. Otherwise the URL would just accept the user's ID which is much easier to guess. This will prevent a bad actor from from unsubscribing a user from a mailer. </li> </ul> </blockquote> <h2> Step 4: Build a Page for User to Update Their Email Preferences </h2> <ol> <li>Generate a controller for the MailerSubscription model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g controller mailer_subscriptions </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="o">...</span> <span class="n">resources</span> <span class="ss">:mailer_subscription_unsubcribes</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:show</span><span class="p">,</span> <span class="ss">:update</span><span class="p">]</span> <span class="n">resources</span> <span class="ss">:mailer_subscriptions</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:index</span><span class="p">,</span> <span class="ss">:create</span><span class="p">,</span> <span class="ss">:update</span><span class="p">]</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Build the endpoints. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/mailer_subscriptions_controller.rb</span> <span class="k">class</span> <span class="nc">MailerSubscriptionsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">before_action</span> <span class="ss">:authenticate_user!</span> <span class="n">before_action</span> <span class="ss">:set_mailer_subscription</span><span class="p">,</span> <span class="ss">only: :update</span> <span class="n">before_action</span> <span class="ss">:handle_unauthorized</span><span class="p">,</span> <span class="ss">only: :update</span> <span class="k">def</span> <span class="nf">index</span> <span class="vi">@mailer_subscriptions</span> <span class="o">=</span> <span class="no">MailerSubscription</span><span class="o">::</span><span class="no">MAILERS</span><span class="p">.</span><span class="nf">items</span><span class="p">.</span><span class="nf">map</span> <span class="k">do</span> <span class="o">|</span><span class="n">item</span><span class="o">|</span> <span class="no">MailerSubscription</span><span class="p">.</span><span class="nf">find_or_initialize_by</span><span class="p">(</span><span class="ss">mailer: </span><span class="n">item</span><span class="p">[</span><span class="ss">:class</span><span class="p">],</span> <span class="ss">user: </span><span class="n">current_user</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">create</span> <span class="vi">@mailer_subscription</span> <span class="o">=</span> <span class="n">current_user</span><span class="p">.</span><span class="nf">mailer_subscriptions</span><span class="p">.</span><span class="nf">build</span><span class="p">(</span><span class="n">mailer_subscription_params</span><span class="p">)</span> <span class="vi">@mailer_subscription</span><span class="p">.</span><span class="nf">subscribed</span> <span class="o">=</span> <span class="kp">true</span> <span class="k">if</span> <span class="vi">@mailer_subscription</span><span class="p">.</span><span class="nf">save</span> <span class="n">redirect_to</span> <span class="n">mailer_subscriptions_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Preferences updated."</span> <span class="k">else</span> <span class="n">redirect_to</span> <span class="n">mailer_subscriptions_path</span><span class="p">,</span> <span class="ss">alter: </span><span class="s2">"</span><span class="si">#{</span><span class="vi">@mailer_subscription</span><span class="p">.</span><span class="nf">errors</span><span class="p">.</span><span class="nf">full_messages</span><span class="p">.</span><span class="nf">to_sentence</span><span class="si">}</span><span class="s2">"</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">update</span> <span class="k">if</span> <span class="vi">@mailer_subscription</span><span class="p">.</span><span class="nf">toggle!</span><span class="p">(</span><span class="ss">:subscribed</span><span class="p">)</span> <span class="n">redirect_to</span> <span class="n">mailer_subscriptions_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Preferences updated."</span> <span class="k">else</span> <span class="n">redirect_to</span> <span class="n">mailer_subscriptions_path</span><span class="p">,</span> <span class="ss">alter: </span><span class="s2">"</span><span class="si">#{</span><span class="vi">@mailer_subscription</span><span class="p">.</span><span class="nf">errors</span><span class="p">.</span><span class="nf">full_messages</span><span class="p">.</span><span class="nf">to_sentence</span><span class="si">}</span><span class="s2">"</span> <span class="k">end</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">mailer_subscription_params</span> <span class="n">params</span><span class="p">.</span><span class="nf">require</span><span class="p">(</span><span class="ss">:mailer_subscription</span><span class="p">).</span><span class="nf">permit</span><span class="p">(</span><span class="ss">:mailer</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">set_mailer_subscription</span> <span class="vi">@mailer_subscription</span> <span class="o">=</span> <span class="no">MailerSubscription</span><span class="p">.</span><span class="nf">find</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:id</span><span class="p">])</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">handle_unauthorized</span> <span class="n">redirect_to</span> <span class="n">root_path</span><span class="p">,</span> <span class="ss">status: :unauthorized</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"Unauthorized."</span> <span class="ow">and</span> <span class="k">return</span> <span class="k">if</span> <span class="n">current_user</span> <span class="o">!=</span> <span class="vi">@mailer_subscription</span><span class="p">.</span><span class="nf">user</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We create a page allowing a user to subscribe/unsubscribe from all possible mailers that are defined in <code>MailerSubscription::MAILERS</code>. We can't call <code>@user.mailer_subscriptions</code> because they may not have any records.</li> <li>We create a <code>handle_unauthorized</code> method to prevent a user from subscribing/unsubscribing another user from mailers. We need to do this because we're passing in the ID of the <code>MailerSubscription</code> through the params hash which can be altered via the browser.</li> </ul> </blockquote> <ol> <li>Build the views. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;%# app/views/mailer_subscriptions/index.html.erb %&gt; &lt;ul style="list-style:none;"&gt; &lt;%= render @mailer_subscriptions %&gt; &lt;/ul&gt; </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;%# app/views/mailer_subscriptions/_mailer_subscription.html.erb %&gt; &lt;% if mailer_subscription.new_record? %&gt; &lt;li style="margin-bottom: 16px;"&gt; &lt;p&gt;&lt;%= mailer_subscription.description %&gt;&lt;/p&gt; &lt;%= button_to mailer_subscriptions_path, params: { mailer_subscription: mailer_subscription.attributes } do %&gt; &lt;%= mailer_subscription.call_to_action %&gt; &lt;% end %&gt; &lt;hr/&gt; &lt;/li&gt; &lt;% else %&gt; &lt;li style="margin-bottom: 16px;"&gt; &lt;p&gt;&lt;%= mailer_subscription.description %&gt;&lt;/p&gt; &lt;%= button_to mailer_subscription_path(mailer_subscription), method: :put do %&gt; &lt;%= mailer_subscription.call_to_action %&gt; &lt;% end %&gt; &lt;hr/&gt; &lt;/li&gt; &lt;% end %&gt; </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We loop through each <code>MailerSubscription</code> instance. If it's a <a href="https://api.rubyonrails.org/classes/ActiveRecord/Persistence.html#method-i-new_record-3F" rel="noopener noreferrer">new_record?</a> we create a <code>MailerSubscription</code>. Otherwise, it's an existing record and we <a href="https://api.rubyonrails.org/classes/ActiveRecord/Persistence.html#method-i-toggle-21" rel="noopener noreferrer">toggle!</a> the <code>subscribed</code> value.</li> <li>In either case we use a <a href="https://api.rubyonrails.org/classes/ActionView/Helpers/UrlHelper.html#method-i-button_to" rel="noopener noreferrer">button_to</a> to hit the correct endpoint. Note that when we're creating a new <code>MailerSubscription</code> we pass <code>mailer_subscription.attributes</code> as params, but we're only permitting the <code>mailer</code> value in our controller.</li> </ul> </blockquote> <p><a href="http://localhost:3000/mailer_subscriptions" rel="noopener noreferrer">http://localhost:3000/mailer_subscriptions</a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk3ffztlkm501u6tl5fes.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk3ffztlkm501u6tl5fes.png" alt="Page for User to Update Their Email Preferences"></a></p> <h2> Step 5: Add Unsubscribe Link to Mailer and Prevent Delivery if User Has Unsubscribed </h2> <ol> <li>Add shared logic to <code>ApplicationMailer</code>. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/mailers/application_mailer.rb</span> <span class="k">class</span> <span class="nc">ApplicationMailer</span> <span class="o">&lt;</span> <span class="no">ActionMailer</span><span class="o">::</span><span class="no">Base</span> <span class="n">before_action</span> <span class="ss">:set_user</span> <span class="n">before_action</span> <span class="ss">:set_unsubscribe_url</span><span class="p">,</span> <span class="ss">if: :should_unsubscribe?</span> <span class="n">before_action</span> <span class="ss">:set_mailer_subscriptions_url</span><span class="p">,</span> <span class="ss">if: :should_unsubscribe?</span> <span class="n">after_action</span> <span class="ss">:prevent_delivery_if_recipient_opted_out</span><span class="p">,</span> <span class="ss">if: :should_unsubscribe?</span> <span class="n">default</span> <span class="ss">from: </span><span class="s1">'from@example.com'</span> <span class="n">layout</span> <span class="s1">'mailer'</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">prevent_delivery_if_recipient_opted_out</span> <span class="n">mail</span><span class="p">.</span><span class="nf">perform_deliveries</span> <span class="o">=</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">subscribed_to_mailer?</span> <span class="nb">self</span><span class="p">.</span><span class="nf">class</span><span class="p">.</span><span class="nf">to_s</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">set_user</span> <span class="vi">@user</span> <span class="o">=</span> <span class="n">params</span><span class="p">[</span><span class="ss">:user</span><span class="p">]</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">set_unsubscribe_url</span> <span class="vi">@unsubscribe_url</span> <span class="o">=</span> <span class="n">mailer_subscription_unsubcribe_url</span><span class="p">(</span><span class="vi">@user</span><span class="p">.</span><span class="nf">to_sgid</span><span class="p">.</span><span class="nf">to_s</span><span class="p">,</span> <span class="ss">mailer: </span><span class="nb">self</span><span class="p">.</span><span class="nf">class</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">set_mailer_subscriptions_url</span> <span class="vi">@mailer_subscriptions_url</span> <span class="o">=</span> <span class="n">mailer_subscriptions_url</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">should_unsubscribe?</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">present?</span> <span class="o">&amp;&amp;</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">respond_to?</span><span class="p">(</span><span class="ss">:subscribed_to_mailer?</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We add several <a href="https://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-callbacks" rel="noopener noreferrer">action mailer callbacks</a> to the <code>ApplicationMailer</code> in order for this logic to be shared across all mailers.</li> <li>We call <code>prevent_delivery_if_recipient_opted_out</code> which will conditionally prevent the mailer from being sent if the user is not subscribed to that mailer. This is accomplished by setting <code>mail.perform_deliveries</code> to <code>true</code> or <code>false</code> based on the return value of <code>@user.subscribed_to_mailer? self.class.to_s</code>. Note that calling <code>self.class.to_s</code> will return the name of the mailer (i.e. MarketingMailer).</li> <li>We call <code>@user.to_sgid.to_s</code> to ensure the the URL is unique and does not contain the user's id. Otherwise a bad actor could unsubscribe any user from a mailer.</li> <li>We conditionally call these callbacks with <code>should_unsubscribe?</code> to ensures we've passed a user to the mailer. </li> </ul> </blockquote> <ol> <li>Conditionally render unsubscribe links in mailer layouts. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;%# app/views/layouts/mailer.html.erb %&gt; &lt;!DOCTYPE html&gt; &lt;html&gt; ... &lt;body&gt; &lt;%= yield %&gt; &lt;%= render "shared/mailers/unsubscribe_links" if @unsubscribe_url.present? %&gt; &lt;/body&gt; &lt;/html&gt; </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;%# app/views/layouts/mailer.txt.erb %&gt; &lt;%= yield %&gt; &lt;%= render "shared/mailers/unsubscribe_links" if @unsubscribe_url.present? %&gt; </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3r7oiltiv9zpo9aecp18.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3r7oiltiv9zpo9aecp18.png" alt="Conditionally render unsubscribe links in mailer layouts."></a></p> <p>Did you like this post? <a href="https://twitter.com/stevepolitodsgn" rel="noopener noreferrer">Follow me on Twitter</a> to get even more tips.</p> tutorial rails Build an API in Rails with Authentication Steve Polito Sat, 31 Jul 2021 12:40:06 +0000 https://dev.to/stevepolitodesign/build-an-api-in-rails-with-authentication-5g1j https://dev.to/stevepolitodesign/build-an-api-in-rails-with-authentication-5g1j <p>In this tutorial, we'll build a full-featured API in Rails with authentication. Below is what we'll cover.</p> <ul> <li>Encrypting API keys.</li> <li>Building a form to view and rotate the API key.</li> <li>Versioning our API.</li> <li>Returning the correct HTTP status code.</li> <li>Authorizing requests.</li> <li>Handling missing records.</li> <li>Monitoring API usage.</li> <li>Writing tests for the API.</li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4cwx8tfbjcr3ettk07xj.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4cwx8tfbjcr3ettk07xj.png" alt="A form allowing users to view and rotate their private API key"></a><br> <em>A form allowing users to view and rotate their private API key</em></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0gv03w7ehi2fsk7rngw9.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0gv03w7ehi2fsk7rngw9.png" alt="API as viewed from Postman"></a><br> <em>API as viewed from Postman.</em></p> <h2> Step 1: Add Encrypted Private API Key Column to Users Table </h2> <ol> <li>Install <a href="https://github.com/ankane/lockbox" rel="noopener noreferrer">lockbox</a> and <a href="https://github.com/ankane/blind_index" rel="noopener noreferrer">blind_index</a>. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>bundle add lockbox bundle add blind_index </code></pre> </div> <ol> <li>Configure Lockbox for test, development, and production environments. You'll want to run the following code for each environment. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails c Lockbox.generate_key =&gt; "123abc" rails credentials:edit --environment=test </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">lockbox</span><span class="pi">:</span> <span class="na">master_key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">123abc"</span> </code></pre> </div> <ol> <li>Create migration. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g migration add_private_api_key_ciphertext_to_users private_api_key_ciphertext:text </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># db/migrate/xxx_add_private_api_key_ciphertext_to_users.rb</span> <span class="k">class</span> <span class="nc">AddPrivateApiKeyToUsers</span> <span class="o">&lt;</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">Migration</span><span class="p">[</span><span class="mf">6.1</span><span class="p">]</span> <span class="k">def</span> <span class="nf">change</span> <span class="c1"># encrypted data</span> <span class="n">add_column</span> <span class="ss">:users</span><span class="p">,</span> <span class="ss">:private_api_key_ciphertext</span><span class="p">,</span> <span class="ss">:text</span> <span class="c1"># blind index</span> <span class="n">add_column</span> <span class="ss">:users</span><span class="p">,</span> <span class="ss">:private_api_key_bidx</span><span class="p">,</span> <span class="ss">:string</span> <span class="n">add_index</span> <span class="ss">:users</span><span class="p">,</span> <span class="ss">:private_api_key_bidx</span><span class="p">,</span> <span class="ss">unique: </span><span class="kp">true</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails db:migrate </code></pre> </div> <ol> <li>Update User model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/user.rb</span> <span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="n">encrypts</span> <span class="ss">:private_api_key</span> <span class="n">blind_index</span> <span class="ss">:private_api_key</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Set private api key via a callback. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/user.rb</span> <span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="n">encrypts</span> <span class="ss">:private_api_key</span> <span class="n">blind_index</span> <span class="ss">:private_api_key</span> <span class="n">before_create</span> <span class="ss">:set_private_api_key</span> <span class="n">validates</span> <span class="ss">:private_api_key</span><span class="p">,</span> <span class="ss">uniqueness: </span><span class="kp">true</span><span class="p">,</span> <span class="ss">allow_blank: </span><span class="kp">true</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">set_private_api_key</span> <span class="nb">self</span><span class="p">.</span><span class="nf">private_api_key</span> <span class="o">=</span> <span class="no">SecureRandom</span><span class="p">.</span><span class="nf">hex</span> <span class="k">if</span> <span class="nb">self</span><span class="p">.</span><span class="nf">private_api_key</span><span class="p">.</span><span class="nf">nil?</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We use Lockbox as a means to encrypt the private API key because the key is essentially as sensitive as a username and password. If the database were ever compromised, the keys would not be exposed. This gem also allows us to reference the column as <code>private_api_key</code> and not <code>private_api_key_ciphertext</code> </li> <li>We use Blink Index as a means to query against the key, as well as ensure its value is unique. We need Blink Index because the column is encrypted.</li> <li>We add a validation ensuring the key is unique. This is because the key will be used to identify a user.</li> <li>We use <a href="https://ruby-doc.org/stdlib-3.0.2/libdoc/securerandom/rdoc/SecureRandom.html" rel="noopener noreferrer">SecureRandom</a> to generate a unique value for the key. This is necessary to make it difficult for someone to guess another user's key.</li> </ul> </blockquote> <h2> Step 2: Allow User to View and Rotate Private API Key </h2> <ol> <li>Create an endpoint for creating a new key. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g controller user/private_api_keys </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/user/private_api_keys_controller.rb</span> <span class="k">class</span> <span class="nc">User::PrivateApiKeysController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">before_action</span> <span class="ss">:authenticate_user!</span> <span class="k">def</span> <span class="nf">update</span> <span class="k">if</span> <span class="n">current_user</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="ss">private_api_key: </span><span class="no">SecureRandom</span><span class="p">.</span><span class="nf">hex</span><span class="p">)</span> <span class="n">redirect_to</span> <span class="n">edit_user_registration_path</span><span class="p">,</span> <span class="ss">notice: </span><span class="s2">"API Updated"</span> <span class="k">else</span> <span class="n">redirect_to</span> <span class="n">edit_user_registration_path</span><span class="p">,</span> <span class="ss">alert: </span><span class="s2">"There was an error: </span><span class="si">#{</span><span class="n">current_user</span><span class="p">.</span><span class="nf">errors</span><span class="p">.</span><span class="nf">full_messages</span><span class="p">.</span><span class="nf">to_sentence</span><span class="si">}</span><span class="s2">"</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Update routes. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="n">namespace</span> <span class="ss">:user</span> <span class="k">do</span> <span class="n">resource</span> <span class="ss">:private_api_keys</span><span class="p">,</span> <span class="ss">only: :update</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Update views. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g devise:views </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># app/views/devise/registrations/edit.html.erb &lt;%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %&gt; ... &lt;% end %&gt; ... &lt;h3&gt;API Key&lt;/h3&gt; &lt;%= form_with model: current_user, url: user_private_api_keys_path do |f| %&gt; &lt;%= f.text_field :private_api_key, disabled: true %&gt; &lt;%= f.submit "Generate New Key" %&gt; &lt;% end %&gt; ... </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4cwx8tfbjcr3ettk07xj.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4cwx8tfbjcr3ettk07xj.png" alt="A form allowing users to view and rotate their private API key"></a></p> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We create a <a href="https://guides.rubyonrails.org/routing.html#controller-namespaces-and-routing" rel="noopener noreferrer">namespaced</a> endpoint allowing a user to update their API key. We don't need to namespace the route, but it helps keep things organized. We add a new form to the view generated by Devise. This form simply hits the endpoint and generates a new API key. <ul> <li>Note that we set the input to be disabled to ensure a user can't set their own key. We want this to happen server-side. </li> </ul> </li> </ul> </blockquote> <h2> Step 3: Create Post Model </h2> <ol> <li>Create and run migration. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g model Post user:references title:string body:text rails db:migrate </code></pre> </div> <ol> <li>Add validations. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/post.rb</span> <span class="k">class</span> <span class="nc">Post</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="n">belongs_to</span> <span class="ss">:user</span> <span class="n">validates</span> <span class="ss">:title</span><span class="p">,</span> <span class="ss">:body</span><span class="p">,</span> <span class="ss">presence: </span><span class="kp">true</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Associate with User. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/user.rb</span> <span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="o">...</span> <span class="n">has_many</span> <span class="ss">:posts</span><span class="p">,</span> <span class="ss">dependent: :destroy</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Seed data. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># db/seeds.rb</span> <span class="no">User</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="ss">email: </span><span class="s2">"user@example.com"</span><span class="p">,</span> <span class="ss">password: </span><span class="s2">"password"</span><span class="p">)</span> <span class="mi">10</span><span class="p">.</span><span class="nf">times</span> <span class="k">do</span> <span class="o">|</span><span class="n">i</span><span class="o">|</span> <span class="no">User</span><span class="p">.</span><span class="nf">first</span><span class="p">.</span><span class="nf">posts</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="ss">title: </span><span class="s2">"Post </span><span class="si">#{</span><span class="n">i</span><span class="o">+</span><span class="mi">1</span><span class="si">}</span><span class="s2">"</span><span class="p">,</span> <span class="ss">body: </span><span class="s2">"Body copy"</span><span class="p">)</span> <span class="k">end</span> <span class="no">User</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="ss">email: </span><span class="s2">"another_user@example.com"</span><span class="p">,</span> <span class="ss">password: </span><span class="s2">"password"</span><span class="p">)</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails db:seed </code></pre> </div> <h2> Step 4: Create API Endpoints </h2> <ol> <li>Generate namespaced controllers </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g controller api/v1/posts </code></pre> </div> <ol> <li>Add routes. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="n">namespace</span> <span class="ss">:api</span> <span class="k">do</span> <span class="n">namespace</span> <span class="ss">:v1</span> <span class="k">do</span> <span class="n">defaults</span> <span class="ss">format: :json</span> <span class="k">do</span> <span class="n">resources</span> <span class="ss">:posts</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:index</span><span class="p">,</span> <span class="ss">:create</span><span class="p">,</span> <span class="ss">:show</span><span class="p">,</span> <span class="ss">:update</span><span class="p">,</span> <span class="ss">:destroy</span><span class="p">]</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Create base controller. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>touch app/controllers/api/v1/base_controller.rb </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/api/v1/base_controller.rb</span> <span class="k">class</span> <span class="nc">Api::V1::BaseController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/api/v1/posts_controller.rb</span> <span class="k">class</span> <span class="nc">Api::V1::PostsController</span> <span class="o">&lt;</span> <span class="no">Api</span><span class="o">::</span><span class="no">V1</span><span class="o">::</span><span class="no">BaseController</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We create a <a href="https://guides.rubyonrails.org/routing.html#controller-namespaces-and-routing" rel="noopener noreferrer">namespaced</a> endpoint to encapsulate and version our API. This is best practice since we'll want to make a new version of our API each time we make changes to it while still maintaining older versions.</li> <li>We set the <a href="https://guides.rubyonrails.org/routing.html#defining-defaults" rel="noopener noreferrer">default format</a> to respond with JSON. This means all responses from the API will be sent as JSON. </li> <li>We create a base controller that will be inherited by the API. This will make it easy to add shared logic in the API without affecting the web interface. <ul> <li>Note that our <code>Api::V1::PostsController</code> now inherits from <code>Api::V1::BaseController</code> and not <code>ApplicationController</code>.</li> </ul> </li> </ul> </blockquote> <h2> Step 5: Authenticate Requests </h2> <ol> <li>Authenticate all requests to the API. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/api/v1/base_controller.rb</span> <span class="k">class</span> <span class="nc">Api::V1::BaseController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">before_action</span> <span class="ss">:authenticate</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">authenticate</span> <span class="n">authenticate_user_with_token</span> <span class="o">||</span> <span class="n">handle_bad_authentication</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">authenticate_user_with_token</span> <span class="n">authenticate_with_http_token</span> <span class="k">do</span> <span class="o">|</span><span class="n">token</span><span class="p">,</span> <span class="n">options</span><span class="o">|</span> <span class="vi">@user</span> <span class="o">||=</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">private_api_key: </span><span class="n">token</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">handle_bad_authentication</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">message: </span><span class="s2">"Bad credentials"</span> <span class="p">},</span> <span class="ss">status: :unauthorized</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We use the <a href="https://github.com/rails/rails/blob/83217025a171593547d1268651b446d3533e2019/actionpack/lib/action_controller/metal/http_authentication.rb#L352" rel="noopener noreferrer">authenticate_user_with_token</a> method that ships with Rails to authenticate all requests to our API with a user's private API key that will be sent through an <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization" rel="noopener noreferrer">Authorization HTTP header</a>. We could pass the private API key via a <a href="https://en.wikipedia.org/wiki/Query_string" rel="noopener noreferrer">querystring</a>, but we would not be able to use <code>authenticate_user_with_token</code> method to find the user which is more secure.</li> <li>We handle bad requests by responding with a JSON payload containing a simple message and a status of 401. It's our responsibility to respond with the correct <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Status" rel="noopener noreferrer">HTTP Status Code</a>.</li> </ul> </blockquote> <h2> Step 6: Handle Missing Records </h2> <ol> <li>Handle missing records. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/api/v1/base_controller.rb</span> <span class="k">class</span> <span class="nc">Api::V1::BaseController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">rescue_from</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">RecordNotFound</span><span class="p">,</span> <span class="ss">with: :handle_not_found</span> <span class="n">before_action</span> <span class="ss">:authenticate</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">authenticate</span> <span class="n">authenticate_user_with_token</span> <span class="o">||</span> <span class="n">handle_bad_authentication</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">authenticate_user_with_token</span> <span class="n">authenticate_with_http_token</span> <span class="k">do</span> <span class="o">|</span><span class="n">token</span><span class="p">,</span> <span class="n">options</span><span class="o">|</span> <span class="vi">@user</span> <span class="o">||=</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">private_api_key: </span><span class="n">token</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">handle_bad_authentication</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">message: </span><span class="s2">"Bad credentials"</span> <span class="p">},</span> <span class="ss">status: :unauthorized</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">handle_not_found</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">message: </span><span class="s2">"Record not found"</span> <span class="p">},</span> <span class="ss">status: :not_found</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We <a href="https://api.rubyonrails.org/classes/ActiveSupport/Rescuable/ClassMethods.html#method-i-rescue_from" rel="noopener noreferrer">rescue_from</a> any missing record with a custom JSON response. You can think of this as a custom 404 page, but for an API. We make sure to respond with the correct <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Status" rel="noopener noreferrer">HTTP Status Code</a>.</li> </ul> </blockquote> <h2> Step 7: Create Response Views </h2> <ol> <li>Generate response partials with <a href="https://guides.rubyonrails.org/action_view_overview.html#jbuilder" rel="noopener noreferrer">Jbuilder</a>. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g jbuilder api/v1/posts user:references title:string body:text --model-name=Post </code></pre> </div> <ol> <li>Update paths. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/views/api/v1/posts/index.json.jbuilder</span> <span class="n">json</span><span class="p">.</span><span class="nf">array!</span> <span class="vi">@posts</span><span class="p">,</span> <span class="ss">partial: </span><span class="s2">"api/v1/posts/post"</span><span class="p">,</span> <span class="ss">as: :post</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/views/api/v1/posts/index.json.jbuilder</span> <span class="n">json</span><span class="p">.</span><span class="nf">partial!</span> <span class="s2">"api/v1/posts/post"</span><span class="p">,</span> <span class="ss">post: </span><span class="vi">@post</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/views/api/v1/posts/_post.json.jbuilder</span> <span class="n">json</span><span class="p">.</span><span class="nf">url</span> <span class="n">api_v1_post_url</span><span class="p">(</span><span class="n">post</span><span class="p">,</span> <span class="ss">format: :json</span><span class="p">)</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We use <a href="https://guides.rubyonrails.org/action_view_overview.html#jbuilder" rel="noopener noreferrer">Jbuilder</a> to create the views our API will respond with. Instead of creating <code>.html.erb</code> files, we're simply creating JSON files. We could render the data directly in the <code>Api::V1::PostsController</code>, but this keeps our controller lean by using Rails conventions.</li> </ul> </blockquote> <h2> Step 8: Create Endpoints </h2> <ol> <li>Add controller actions and filters. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/api/v1/posts_controller.rb</span> <span class="k">class</span> <span class="nc">Api::V1::PostsController</span> <span class="o">&lt;</span> <span class="no">Api</span><span class="o">::</span><span class="no">V1</span><span class="o">::</span><span class="no">BaseController</span> <span class="n">before_action</span> <span class="ss">:set_post</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:show</span><span class="p">,</span> <span class="ss">:update</span><span class="p">,</span> <span class="ss">:destroy</span><span class="p">]</span> <span class="k">def</span> <span class="nf">index</span> <span class="vi">@posts</span> <span class="o">=</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">posts</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">show</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">create</span> <span class="vi">@post</span> <span class="o">=</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">posts</span><span class="p">.</span><span class="nf">build</span><span class="p">(</span><span class="n">post_params</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@post</span><span class="p">.</span><span class="nf">save</span> <span class="n">render</span> <span class="ss">:show</span><span class="p">,</span> <span class="ss">status: :created</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">message: </span><span class="vi">@post</span><span class="p">.</span><span class="nf">errors</span><span class="p">.</span><span class="nf">full_messages</span> <span class="p">},</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">update</span> <span class="k">if</span> <span class="vi">@post</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="n">post_params</span><span class="p">)</span> <span class="n">render</span> <span class="ss">:show</span><span class="p">,</span> <span class="ss">status: :ok</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">message: </span><span class="vi">@post</span><span class="p">.</span><span class="nf">errors</span><span class="p">.</span><span class="nf">full_messages</span> <span class="p">},</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy</span> <span class="vi">@post</span><span class="p">.</span><span class="nf">destroy</span> <span class="n">render</span> <span class="ss">:show</span><span class="p">,</span> <span class="ss">status: :ok</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">set_post</span> <span class="vi">@post</span> <span class="o">=</span> <span class="no">Post</span><span class="p">.</span><span class="nf">find</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:id</span><span class="p">])</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">post_params</span> <span class="n">params</span><span class="p">.</span><span class="nf">require</span><span class="p">(</span><span class="ss">:post</span><span class="p">).</span><span class="nf">permit</span><span class="p">(</span><span class="ss">:title</span><span class="p">,</span> <span class="ss">:body</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We create a traditional <a href="https://guides.rubyonrails.org/action_controller_overview.html" rel="noopener noreferrer">controller</a> with endpoints to list posts, get a post, update a post, create a post and delete a post.</li> <li>Since this controller inherits from <code>Api::V1::BaseController</code> all requests will need to be authenticated.</li> <li>We make sure to always respond with JSON either through our Jbuilder views, or directly in the controller.</li> <li>We pass any error message to a <code>message</code> key in the JSON response. We don't have to call this key <code>message</code>, nor do we have to respond with a message at all, but we want to make out API helpful.</li> <li>We make sure to always respond with the correct <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Status" rel="noopener noreferrer">HTTP Status Code</a>.</li> </ul> </blockquote> <p>If you use an API client like <a href="https://www.postman.com/" rel="noopener noreferrer">Postman</a> you can test the API.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0gv03w7ehi2fsk7rngw9.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0gv03w7ehi2fsk7rngw9.png" alt="A successful request to the index action"></a><br> <em>API as viewed from Postman.</em><br> <em>A successful request to the index action.</em></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffzaqc2v4gw6gc5qss85z.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffzaqc2v4gw6gc5qss85z.png" alt="A non authenticated request to the index action"></a><br> <em>A non authenticated request to the index action.</em></p> <h2> Step 9: Authorize Requests. </h2> <ol> <li>Authorize requests. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/api/v1/posts_controller.rb</span> <span class="k">class</span> <span class="nc">Api::V1::PostsController</span> <span class="o">&lt;</span> <span class="no">Api</span><span class="o">::</span><span class="no">V1</span><span class="o">::</span><span class="no">BaseController</span> <span class="o">...</span> <span class="n">before_action</span> <span class="ss">:authorize_post</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:show</span><span class="p">,</span> <span class="ss">:update</span><span class="p">,</span> <span class="ss">:destroy</span><span class="p">]</span> <span class="o">...</span> <span class="kp">private</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">authorize_post</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">message: </span><span class="s2">"Unauthorized"</span> <span class="p">},</span> <span class="ss">status: :unauthorized</span> <span class="k">unless</span> <span class="vi">@user</span> <span class="o">==</span> <span class="vi">@post</span><span class="p">.</span><span class="nf">user</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiu8j46ym24rqlx6cht2t.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiu8j46ym24rqlx6cht2t.png" alt="A unauthorized request to the show action"></a><br> <em>A unauthorized request to the show action.</em></p> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We don't want other users to able to view, update or destroy another user's data. We create a simple method to ensure the current user is the same user in the record. <ul> <li>Note that we don't need to do this for the index or create action, since those actions are already scoped to the user.</li> </ul> </li> </ul> </blockquote> <h2> Step 10: Handle Invalid Authenticity Token </h2> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F04gt3wjwbtv0dzdvw52d.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F04gt3wjwbtv0dzdvw52d.png" alt="Invalid Authenticity Token is raised when trying to create a post"></a><br> <em>Invalid Authenticity Token is raised when trying to create a post</em></p> <ol> <li>Update Controller. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/api/v1/base_controller.rb</span> <span class="k">class</span> <span class="nc">Api::V1::BaseController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">protect_from_forgery</span> <span class="ss">with: :null_session</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>By default, Rails protects any request other than a GET request from Cross-Site Request Forgery (CSRF) attacks by including a token in the rendered HTML for your application. However since we're making a request from outside of the application, Rails will raise a <code>ActionController::InvalidAuthenticityToken</code> error. </li> <li>We add a call to <a href="https://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html" rel="noopener noreferrer">protect_from_forgery with: :null_session</a> to allow for unverified requests to hit our API. </li> </ul> </blockquote> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F02s7743k8l6d3szk0576.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F02s7743k8l6d3szk0576.png" alt="A successful POST request"></a><br> <em>A successful POST request.</em></p> <h2> Step 11: Log API Requests </h2> <ol> <li>Create Request Model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g model Request user:references requestable_type:string method:integer </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># db/migrate/xxx_create_requests.rb</span> <span class="k">class</span> <span class="nc">CreateRequests</span> <span class="o">&lt;</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">Migration</span><span class="p">[</span><span class="mf">6.1</span><span class="p">]</span> <span class="k">def</span> <span class="nf">change</span> <span class="n">create_table</span> <span class="ss">:requests</span> <span class="k">do</span> <span class="o">|</span><span class="n">t</span><span class="o">|</span> <span class="n">t</span><span class="p">.</span><span class="nf">references</span> <span class="ss">:user</span><span class="p">,</span> <span class="ss">null: </span><span class="kp">false</span><span class="p">,</span> <span class="ss">foreign_key: </span><span class="kp">true</span> <span class="n">t</span><span class="p">.</span><span class="nf">string</span> <span class="ss">:requestable_type</span><span class="p">,</span> <span class="ss">null: </span><span class="kp">false</span> <span class="n">t</span><span class="p">.</span><span class="nf">integer</span> <span class="ss">:method</span><span class="p">,</span> <span class="ss">null: </span><span class="kp">false</span> <span class="n">t</span><span class="p">.</span><span class="nf">timestamps</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Associate with User. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/user.rb</span> <span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="o">...</span> <span class="n">has_many</span> <span class="ss">:requests</span><span class="p">,</span> <span class="ss">dependent: :destroy</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Validate Model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/request.rb</span> <span class="k">class</span> <span class="nc">Request</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="n">belongs_to</span> <span class="ss">:user</span> <span class="c1"># ArgumentError: You tried to define an enum named "method" on the model "Request",</span> <span class="c1"># but this will generate a class method "delete", which is already defined by Active Record.</span> <span class="n">enum</span> <span class="ss">method: </span><span class="p">[</span><span class="ss">:get</span><span class="p">,</span> <span class="ss">:post</span><span class="p">,</span> <span class="ss">:put</span><span class="p">,</span> <span class="ss">:patch</span><span class="p">,</span> <span class="ss">:delete</span><span class="p">],</span> <span class="ss">_suffix: </span><span class="kp">true</span> <span class="n">validates</span> <span class="ss">:method</span><span class="p">,</span> <span class="ss">:requestable_type</span><span class="p">,</span> <span class="ss">:user</span><span class="p">,</span> <span class="ss">presence: </span><span class="kp">true</span> <span class="n">validates</span> <span class="ss">:requestable_type</span><span class="p">,</span> <span class="ss">inclusion: </span><span class="p">{</span> <span class="ss">in: </span><span class="sx">%w(Post)</span> <span class="p">}</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Update Controller to Log API requests. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/api/v1/posts_controller.rb</span> <span class="k">class</span> <span class="nc">Api::V1::PostsController</span> <span class="o">&lt;</span> <span class="no">Api</span><span class="o">::</span><span class="no">V1</span><span class="o">::</span><span class="no">BaseController</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">index</span> <span class="o">...</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">requests</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="ss">method: :get</span><span class="p">,</span> <span class="ss">requestable_type: </span><span class="s2">"Post"</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">show</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">requests</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="ss">method: :get</span><span class="p">,</span> <span class="ss">requestable_type: </span><span class="s2">"Post"</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">create</span> <span class="o">...</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">requests</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="ss">method: :post</span><span class="p">,</span> <span class="ss">requestable_type: </span><span class="s2">"Post"</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">update</span> <span class="o">...</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">requests</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="ss">method: :put</span><span class="p">,</span> <span class="ss">requestable_type: </span><span class="s2">"Post"</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy</span> <span class="o">...</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">requests</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="ss">method: :delete</span><span class="p">,</span> <span class="ss">requestable_type: </span><span class="s2">"Post"</span><span class="p">)</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We make a model to store all requests made by the User. To make this as flexible as possible we add an <a href="https://edgeapi.rubyonrails.org/classes/ActiveRecord/Enum.html" rel="noopener noreferrer">enum</a> column to store the request method and a requestable_type column to store the class name of the record in the original API request. This will allow us to see exactly what type of request was made and on what record. This can be helpful if we need to enforce different usage limits for any combination of request method and record type. <ul> <li>Note that we add set <code>_suffix: true</code> on the enum value. This is because one of the enum values we're setting is <code>delete</code>, which is a reserved method name.</li> <li>We create a validation to limit the requestable_type column to only "Post". This will ensure we keep our records consistently formatted. </li> <li>Note that we set a database constraint on the method and requestable_type columns to prevent null values.</li> </ul> </li> <li>We create a new <code>Request</code> request for each action in the <code>Api::V1::PostsController</code>. We make sure to pass the correct HTTP request to the <code>method</code>. </li> </ul> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User.first.requests.count User.first.requests.where(method: :get).count User.first.requests.where(method: :get, requestable_type: "Post", created_at: 1.month.ago.beginning_of_day..Time.now.end_of_day).count </code></pre> </div> <h2> API Tests </h2> <p>Below are tests needed to cover our API.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># test/controllers/api/v1/posts_controller_test.rb</span> <span class="nb">require</span> <span class="s2">"test_helper"</span> <span class="k">class</span> <span class="nc">Api::V1::PostsControllerTest</span> <span class="o">&lt;</span> <span class="no">ActionDispatch</span><span class="o">::</span><span class="no">IntegrationTest</span> <span class="n">setup</span> <span class="k">do</span> <span class="vi">@user_one</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="ss">email: </span><span class="s2">"</span><span class="si">#{</span><span class="no">SecureRandom</span><span class="p">.</span><span class="nf">hex</span><span class="si">}</span><span class="s2">@example.com"</span><span class="p">,</span> <span class="ss">password: </span><span class="s2">"password"</span><span class="p">)</span> <span class="vi">@user_two</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="ss">email: </span><span class="s2">"</span><span class="si">#{</span><span class="no">SecureRandom</span><span class="p">.</span><span class="nf">hex</span><span class="si">}</span><span class="s2">@example.com"</span><span class="p">,</span> <span class="ss">password: </span><span class="s2">"password"</span><span class="p">)</span> <span class="vi">@user_one_post</span> <span class="o">=</span> <span class="vi">@user_one</span><span class="p">.</span><span class="nf">reload</span><span class="p">.</span><span class="nf">posts</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="ss">title: </span><span class="s2">"User One Post"</span><span class="p">,</span> <span class="ss">body: </span><span class="s2">"Body"</span><span class="p">)</span> <span class="vi">@user_two_post</span> <span class="o">=</span> <span class="vi">@user_two</span><span class="p">.</span><span class="nf">reload</span><span class="p">.</span><span class="nf">posts</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="ss">title: </span><span class="s2">"User One Post"</span><span class="p">,</span> <span class="ss">body: </span><span class="s2">"Body"</span><span class="p">)</span> <span class="k">end</span> <span class="k">class</span> <span class="nc">Authenticated</span> <span class="o">&lt;</span> <span class="no">Api</span><span class="o">::</span><span class="no">V1</span><span class="o">::</span><span class="no">PostsControllerTest</span> <span class="nb">test</span> <span class="s2">"should get posts"</span> <span class="k">do</span> <span class="n">assert_difference</span><span class="p">(</span><span class="s2">"Request.count"</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="k">do</span> <span class="n">get</span> <span class="n">api_v1_posts_path</span><span class="p">,</span> <span class="ss">headers: </span><span class="p">{</span> <span class="s2">"Authorization"</span><span class="p">:</span> <span class="s2">"Token token=</span><span class="si">#{</span><span class="vi">@user_one</span><span class="p">.</span><span class="nf">private_api_key</span><span class="si">}</span><span class="s2">"</span> <span class="p">}</span> <span class="n">assert_equal</span> <span class="s2">"application/json; charset=utf-8"</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">content_type</span> <span class="n">assert_match</span> <span class="vi">@user_one_post</span><span class="p">.</span><span class="nf">title</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">body</span> <span class="n">assert_response</span> <span class="ss">:ok</span> <span class="k">end</span> <span class="k">end</span> <span class="nb">test</span> <span class="s2">"should get post"</span> <span class="k">do</span> <span class="n">assert_difference</span><span class="p">(</span><span class="s2">"Request.count"</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="k">do</span> <span class="n">get</span> <span class="n">api_v1_post_path</span><span class="p">(</span><span class="vi">@user_one_post</span><span class="p">),</span> <span class="ss">headers: </span><span class="p">{</span> <span class="s2">"Authorization"</span><span class="p">:</span> <span class="s2">"Token token=</span><span class="si">#{</span><span class="vi">@user_one</span><span class="p">.</span><span class="nf">private_api_key</span><span class="si">}</span><span class="s2">"</span> <span class="p">}</span> <span class="n">assert_equal</span> <span class="s2">"application/json; charset=utf-8"</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">content_type</span> <span class="n">assert_match</span> <span class="vi">@user_one_post</span><span class="p">.</span><span class="nf">title</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">body</span> <span class="n">assert_response</span> <span class="ss">:ok</span> <span class="k">end</span> <span class="k">end</span> <span class="nb">test</span> <span class="s2">"should handle 404"</span> <span class="k">do</span> <span class="n">get</span> <span class="n">api_v1_post_path</span><span class="p">(</span><span class="s2">"does_not_exis"</span><span class="p">),</span> <span class="ss">headers: </span><span class="p">{</span> <span class="s2">"Authorization"</span><span class="p">:</span> <span class="s2">"Token token=</span><span class="si">#{</span><span class="vi">@user_one</span><span class="p">.</span><span class="nf">private_api_key</span><span class="si">}</span><span class="s2">"</span> <span class="p">}</span> <span class="n">assert_equal</span> <span class="s2">"application/json; charset=utf-8"</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">content_type</span> <span class="n">assert_response</span> <span class="ss">:not_found</span> <span class="k">end</span> <span class="nb">test</span> <span class="s2">"should create post"</span> <span class="k">do</span> <span class="n">assert_difference</span><span class="p">([</span><span class="s2">"Post.count"</span><span class="p">,</span> <span class="s2">"Request.count"</span><span class="p">],</span> <span class="mi">1</span><span class="p">)</span> <span class="k">do</span> <span class="n">post</span> <span class="n">api_v1_posts_path</span><span class="p">,</span> <span class="ss">headers: </span><span class="p">{</span> <span class="s2">"Authorization"</span><span class="p">:</span> <span class="s2">"Token token=</span><span class="si">#{</span><span class="vi">@user_one</span><span class="p">.</span><span class="nf">private_api_key</span><span class="si">}</span><span class="s2">"</span> <span class="p">},</span> <span class="ss">params: </span><span class="p">{</span> <span class="ss">post: </span><span class="p">{</span> <span class="ss">title: </span><span class="s2">"title"</span><span class="p">,</span> <span class="ss">body: </span><span class="s2">"body"</span> <span class="p">}</span> <span class="p">}</span> <span class="n">assert_equal</span> <span class="s2">"application/json; charset=utf-8"</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">content_type</span> <span class="n">assert_match</span> <span class="s2">"title"</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">body</span> <span class="n">assert_response</span> <span class="ss">:created</span> <span class="k">end</span> <span class="k">end</span> <span class="nb">test</span> <span class="s2">"should handle errors on create"</span> <span class="k">do</span> <span class="n">assert_no_difference</span><span class="p">(</span><span class="s2">"Post.count"</span><span class="p">)</span> <span class="k">do</span> <span class="n">assert_difference</span><span class="p">(</span><span class="s2">"Request.count"</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="k">do</span> <span class="n">post</span> <span class="n">api_v1_posts_path</span><span class="p">,</span> <span class="ss">headers: </span><span class="p">{</span> <span class="s2">"Authorization"</span><span class="p">:</span> <span class="s2">"Token token=</span><span class="si">#{</span><span class="vi">@user_one</span><span class="p">.</span><span class="nf">private_api_key</span><span class="si">}</span><span class="s2">"</span> <span class="p">},</span> <span class="ss">params: </span><span class="p">{</span> <span class="ss">post: </span><span class="p">{</span> <span class="ss">title: </span><span class="kp">nil</span><span class="p">,</span> <span class="ss">body: </span><span class="kp">nil</span> <span class="p">}</span> <span class="p">}</span> <span class="n">assert_equal</span> <span class="s2">"application/json; charset=utf-8"</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">content_type</span> <span class="n">assert_match</span> <span class="s2">"message"</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">body</span> <span class="n">assert_response</span> <span class="ss">:unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> <span class="nb">test</span> <span class="s2">"should update post"</span> <span class="k">do</span> <span class="n">put</span> <span class="n">api_v1_post_path</span><span class="p">(</span><span class="vi">@user_one_post</span><span class="p">),</span> <span class="ss">headers: </span><span class="p">{</span> <span class="s2">"Authorization"</span><span class="p">:</span> <span class="s2">"Token token=</span><span class="si">#{</span><span class="vi">@user_one</span><span class="p">.</span><span class="nf">private_api_key</span><span class="si">}</span><span class="s2">"</span> <span class="p">},</span> <span class="ss">params: </span><span class="p">{</span> <span class="ss">post: </span><span class="p">{</span> <span class="ss">title: </span><span class="s2">"updated"</span> <span class="p">}</span> <span class="p">}</span> <span class="n">assert_equal</span> <span class="s2">"application/json; charset=utf-8"</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">content_type</span> <span class="n">assert_match</span> <span class="s2">"updated"</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">body</span> <span class="n">assert_response</span> <span class="ss">:ok</span> <span class="k">end</span> <span class="nb">test</span> <span class="s2">"should handle errors on update"</span> <span class="k">do</span> <span class="n">assert_difference</span><span class="p">(</span><span class="s2">"Request.count"</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="k">do</span> <span class="n">put</span> <span class="n">api_v1_post_path</span><span class="p">(</span><span class="vi">@user_one_post</span><span class="p">),</span> <span class="ss">headers: </span><span class="p">{</span> <span class="s2">"Authorization"</span><span class="p">:</span> <span class="s2">"Token token=</span><span class="si">#{</span><span class="vi">@user_one</span><span class="p">.</span><span class="nf">private_api_key</span><span class="si">}</span><span class="s2">"</span> <span class="p">},</span> <span class="ss">params: </span><span class="p">{</span> <span class="ss">post: </span><span class="p">{</span> <span class="ss">title: </span><span class="kp">nil</span> <span class="p">}</span> <span class="p">}</span> <span class="n">assert_equal</span> <span class="s2">"application/json; charset=utf-8"</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">content_type</span> <span class="n">assert_match</span> <span class="s2">"message"</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">body</span> <span class="n">assert_response</span> <span class="ss">:unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="nb">test</span> <span class="s2">"should delete post"</span> <span class="k">do</span> <span class="n">assert_difference</span><span class="p">([</span><span class="s2">"Post.count"</span><span class="p">],</span> <span class="o">-</span><span class="mi">1</span><span class="p">)</span> <span class="k">do</span> <span class="n">assert_difference</span><span class="p">(</span><span class="s2">"Request.count"</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="k">do</span> <span class="n">delete</span> <span class="n">api_v1_post_path</span><span class="p">(</span><span class="vi">@user_one_post</span><span class="p">),</span> <span class="ss">headers: </span><span class="p">{</span> <span class="s2">"Authorization"</span><span class="p">:</span> <span class="s2">"Token token=</span><span class="si">#{</span><span class="vi">@user_one</span><span class="p">.</span><span class="nf">private_api_key</span><span class="si">}</span><span class="s2">"</span> <span class="p">}</span> <span class="n">assert_equal</span> <span class="s2">"application/json; charset=utf-8"</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">content_type</span> <span class="n">assert_response</span> <span class="ss">:ok</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> <span class="k">class</span> <span class="nc">Unauthorized</span> <span class="o">&lt;</span> <span class="no">Api</span><span class="o">::</span><span class="no">V1</span><span class="o">::</span><span class="no">PostsControllerTest</span> <span class="nb">test</span> <span class="s2">"should not get posts"</span> <span class="k">do</span> <span class="n">get</span> <span class="n">api_v1_posts_path</span> <span class="n">assert_response</span> <span class="ss">:unauthorized</span> <span class="k">end</span> <span class="nb">test</span> <span class="s2">"should not load another's post"</span> <span class="k">do</span> <span class="n">get</span> <span class="n">api_v1_post_path</span><span class="p">(</span><span class="vi">@user_two_post</span><span class="p">),</span> <span class="ss">headers: </span><span class="p">{</span> <span class="s2">"Authorization"</span><span class="p">:</span> <span class="s2">"Token token=</span><span class="si">#{</span><span class="vi">@user_one</span><span class="p">.</span><span class="nf">private_api_key</span><span class="si">}</span><span class="s2">"</span> <span class="p">}</span> <span class="n">assert_equal</span> <span class="s2">"application/json; charset=utf-8"</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">content_type</span> <span class="n">assert_response</span> <span class="ss">:unauthorized</span> <span class="k">end</span> <span class="nb">test</span> <span class="s2">"should not update another's post"</span> <span class="k">do</span> <span class="n">put</span> <span class="n">api_v1_post_path</span><span class="p">(</span><span class="vi">@user_two_post</span><span class="p">),</span> <span class="ss">headers: </span><span class="p">{</span> <span class="s2">"Authorization"</span><span class="p">:</span> <span class="s2">"Token token=</span><span class="si">#{</span><span class="vi">@user_one</span><span class="p">.</span><span class="nf">private_api_key</span><span class="si">}</span><span class="s2">"</span> <span class="p">},</span> <span class="ss">params: </span><span class="p">{</span> <span class="ss">post: </span><span class="p">{</span> <span class="ss">title: </span><span class="s2">"updated"</span> <span class="p">}</span> <span class="p">}</span> <span class="n">assert_equal</span> <span class="s2">"application/json; charset=utf-8"</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">content_type</span> <span class="n">assert_response</span> <span class="ss">:unauthorized</span> <span class="k">end</span> <span class="nb">test</span> <span class="s2">"should not delete another's post"</span> <span class="k">do</span> <span class="n">assert_no_difference</span><span class="p">([</span><span class="s2">"Post.count"</span><span class="p">,</span> <span class="s2">"Request.count"</span><span class="p">])</span> <span class="k">do</span> <span class="n">delete</span> <span class="n">api_v1_post_path</span><span class="p">(</span><span class="vi">@user_two_post</span><span class="p">),</span> <span class="ss">headers: </span><span class="p">{</span> <span class="s2">"Authorization"</span><span class="p">:</span> <span class="s2">"Token token=</span><span class="si">#{</span><span class="vi">@user_one</span><span class="p">.</span><span class="nf">private_api_key</span><span class="si">}</span><span class="s2">"</span> <span class="p">}</span> <span class="n">assert_equal</span> <span class="s2">"application/json; charset=utf-8"</span><span class="p">,</span> <span class="vi">@response</span><span class="p">.</span><span class="nf">content_type</span> <span class="n">assert_response</span> <span class="ss">:unauthorized</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Did you like this post? <a href="https://twitter.com/stevepolitodsgn" rel="noopener noreferrer">Follow me on Twitter</a> to get even more tips.</p> rails tutorial Search Across Multiple Models in Rails Steve Polito Sun, 27 Jun 2021 03:15:32 +0000 https://dev.to/stevepolitodesign/search-across-multiple-models-in-rails-3kj0 https://dev.to/stevepolitodesign/search-across-multiple-models-in-rails-3kj0 <p>In this tutorial you'll learn how to search across multiple models in Rails. Below is a demo of what we'll be building. Note how both Post and User records appear in the search. As an added bonus, we highlight the search query in the results.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--_9qEY_jn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4gju1wxf9kc0dzipu2yu.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--_9qEY_jn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4gju1wxf9kc0dzipu2yu.png" alt="demo"></a></p> <h2> Step 1: Set Up </h2> <ol> <li>Create a new Rails application. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails new rails-search-across-multiple-models </code></pre> </div> <ol> <li>Generate a Post and User Scaffold. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g scaffold Post title body:text rails g scaffold User name biography:text </code></pre> </div> <h2> Step 2: Create a Model to Store Search Entries </h2> <ol> <li>Create a SearchEntry model and run migrations. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g model SearchEntry title body:text searchable:references{polymorphic} rails db:migrate </code></pre> </div> <ol> <li>Convert the SearchEntry model to a Delegated Type. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/search_entry.rb</span> <span class="k">class</span> <span class="nc">SearchEntry</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="n">delegated_type</span> <span class="ss">:searchable</span><span class="p">,</span> <span class="ss">types: </span><span class="sx">%w[ Post User ]</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We give the model a title and a body to standardize what columns we will be able to search against. This is the actual model that will be searched.</li> <li>The model will connect other models through a <a href="https://guides.rubyonrails.org/association_basics.html#polymorphic-associations">polymorphic association</a>. This means we can make any model searchable.</li> <li>We use a <a href="https://api.rubyonrails.org/classes/ActiveRecord/DelegatedType.html">delegated type</a> to connect the SearchEntry model with the Post and User models. </li> </ul> </blockquote> <ol> <li>Create a Searchable Concern. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/concerns/searchable.rb</span> <span class="k">module</span> <span class="nn">Searchable</span> <span class="kp">extend</span> <span class="no">ActiveSupport</span><span class="o">::</span><span class="no">Concern</span> <span class="n">included</span> <span class="k">do</span> <span class="n">has_one</span> <span class="ss">:search_entry</span><span class="p">,</span> <span class="ss">as: :searchable</span><span class="p">,</span> <span class="ss">touch: </span><span class="kp">true</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/post.rb</span> <span class="k">class</span> <span class="nc">Post</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="kp">include</span> <span class="no">Searchable</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/user.rb</span> <span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="kp">include</span> <span class="no">Searchable</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We create a <a href="https://api.rubyonrails.org/classes/ActiveSupport/Concern.html">concern</a> to be shared across the Post and User model. This is not required, but helps keep our code DRY.</li> <li>The concern is simply connecting the Post and User models to the SearchEntry model. When the Post or User models are updated, the associated SearchEntry model will have its <code>updated_at</code> column updated. This is because we're calling <code>touch: true</code>. That part is not required, but helps keep things consistent between models. </li> </ul> </blockquote> <h2> Step 3: Prevent Duplicate SearchEntry Records </h2> <ol> <li>Add a uniquness scope to the SearchEntry model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/search_entry.rb </span> <span class="k">class</span> <span class="nc">SearchEntry</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="n">delegated_type</span> <span class="ss">:searchable</span><span class="p">,</span> <span class="ss">types: </span><span class="sx">%w[ Post User ]</span> <span class="n">validates</span> <span class="ss">:searchable_type</span><span class="p">,</span> <span class="ss">uniqueness: </span><span class="p">{</span> <span class="ss">scope: :searchable_id</span> <span class="p">}</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We add a <a href="https://guides.rubyonrails.org/active_record_validations.html#uniqueness">uniqueness scope</a> to prevent a Post or User from having multiple SearchEntry records associated with them. This will prevent duplicate search results.</li> </ul> </blockquote> <h2> Step 4: Use Callbacks to Dynamically Create, Update and Destroy SearchEntry Records. </h2> <ol> <li>Add the following callbacks to the Post and User models. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/post.rb</span> <span class="k">class</span> <span class="nc">Post</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="kp">include</span> <span class="no">Searchable</span> <span class="n">after_commit</span> <span class="ss">:create_search_entry</span><span class="p">,</span> <span class="ss">on: :create</span> <span class="n">after_commit</span> <span class="ss">:update_search_entry</span><span class="p">,</span> <span class="ss">on: :update</span> <span class="n">after_commit</span> <span class="ss">:destroy_search_entry</span><span class="p">,</span> <span class="ss">on: :destroy</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">create_search_entry</span> <span class="no">SearchEntry</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="ss">title: </span><span class="nb">self</span><span class="p">.</span><span class="nf">title</span><span class="p">,</span> <span class="ss">body: </span><span class="nb">self</span><span class="p">.</span><span class="nf">body</span><span class="p">,</span> <span class="ss">searchable: </span><span class="nb">self</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">update_search_entry</span> <span class="nb">self</span><span class="p">.</span><span class="nf">search_entry</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="ss">title: </span><span class="nb">self</span><span class="p">.</span><span class="nf">title</span><span class="p">,</span> <span class="ss">body: </span><span class="nb">self</span><span class="p">.</span><span class="nf">body</span><span class="p">)</span> <span class="k">if</span> <span class="nb">self</span><span class="p">.</span><span class="nf">search_entry</span><span class="p">.</span><span class="nf">present?</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy_search_entry</span> <span class="nb">self</span><span class="p">.</span><span class="nf">search_entry</span><span class="p">.</span><span class="nf">destroy</span> <span class="k">if</span> <span class="nb">self</span><span class="p">.</span><span class="nf">search_entry</span><span class="p">.</span><span class="nf">present?</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/models/user.rb</span> <span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="kp">include</span> <span class="no">Searchable</span> <span class="n">after_commit</span> <span class="ss">:create_search_entry</span><span class="p">,</span> <span class="ss">on: :create</span> <span class="n">after_commit</span> <span class="ss">:update_search_entry</span><span class="p">,</span> <span class="ss">on: :update</span> <span class="n">after_commit</span> <span class="ss">:destroy_search_entry</span><span class="p">,</span> <span class="ss">on: :destroy</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">create_search_entry</span> <span class="no">SearchEntry</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="ss">title: </span><span class="nb">self</span><span class="p">.</span><span class="nf">name</span><span class="p">,</span> <span class="ss">body: </span><span class="nb">self</span><span class="p">.</span><span class="nf">biography</span><span class="p">,</span> <span class="ss">searchable: </span><span class="nb">self</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">update_search_entry</span> <span class="nb">self</span><span class="p">.</span><span class="nf">search_entry</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="ss">title: </span><span class="nb">self</span><span class="p">.</span><span class="nf">name</span><span class="p">,</span> <span class="ss">body: </span><span class="nb">self</span><span class="p">.</span><span class="nf">biography</span><span class="p">)</span> <span class="k">if</span> <span class="nb">self</span><span class="p">.</span><span class="nf">search_entry</span><span class="p">.</span><span class="nf">present?</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy_search_entry</span> <span class="nb">self</span><span class="p">.</span><span class="nf">search_entry</span><span class="p">.</span><span class="nf">destroy</span> <span class="k">if</span> <span class="nb">self</span><span class="p">.</span><span class="nf">search_entry</span><span class="p">.</span><span class="nf">present?</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We use <a href="https://guides.rubyonrails.org/active_record_callbacks.html">callbacks</a> to create, update and destroy an associated SearchEntry record per Post and User. This ensures that the associated SearchEntry will always be in sync with the source model. </li> <li>We set the <code>title</code> and <code>body</code> columns on the SearchEntry to whatever values make most sense. This allows us to have full control over what will be able to be searched. Note that we can pass whatever we want into the <code>title</code> and <code>body</code> columns.</li> </ul> </blockquote> <h2> Step 5: Create the Search Form </h2> <ol> <li>Create a SearchEntries Controller. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g controller SearchEntries index </code></pre> </div> <ol> <li>Add a route for the search form and root path. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/routes.rb</span> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">routes</span><span class="p">.</span><span class="nf">draw</span> <span class="k">do</span> <span class="n">root</span> <span class="ss">to: </span><span class="s1">'search_entries#index'</span> <span class="n">get</span> <span class="s1">'search_entries/index'</span><span class="p">,</span> <span class="ss">as: </span><span class="s1">'search'</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Build the search endpoint. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/search_entries_controller.rb</span> <span class="k">class</span> <span class="nc">SearchEntriesController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">index</span> <span class="vi">@search_entries</span> <span class="o">=</span> <span class="no">SearchEntry</span><span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="s2">"title LIKE ? OR body LIKE ?"</span><span class="p">,</span> <span class="s2">"%</span><span class="si">#{</span><span class="n">params</span><span class="p">[</span><span class="ss">:query</span><span class="p">]</span><span class="si">}</span><span class="s2">%"</span><span class="p">,</span> <span class="s2">"%</span><span class="si">#{</span><span class="n">params</span><span class="p">[</span><span class="ss">:query</span><span class="p">]</span><span class="si">}</span><span class="s2">%"</span><span class="p">)</span> <span class="k">if</span> <span class="n">params</span><span class="p">[</span><span class="ss">:query</span><span class="p">]</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We query for any SearchEntry record that has a title or body containing the search query.</li> <li>We add the <code>if params[:query]</code> conditional to prevent any results from being rendered until a user makes a search query. This is optional.</li> </ul> </blockquote> <ol> <li>Build the search form and search partial. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># app/views/search_entries/index.html.erb &lt;%= form_with url: :search, method: :get do |form| %&gt; &lt;%= form.label :query, "Search for:" %&gt; &lt;%= form.text_field :query %&gt; &lt;%= form.submit "Search" %&gt; &lt;%= link_to "Reset", search_path %&gt; &lt;% end %&gt; &lt;%= render partial: "search_entries/search_entry", collection: @search_entries %&gt; </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># app/views/search_entries/_search_entry.html.erb &lt;%= link_to polymorphic_path search_entry.searchable do %&gt; &lt;h2&gt;&lt;%= highlight search_entry.title, params[:query] %&gt;&lt;/h2&gt; &lt;span&gt;&lt;strong&gt;&lt;%= search_entry.searchable_type %&gt;&lt;/strong&gt;&lt;/span&gt; &lt;p&gt;&lt;%= highlight search_entry.body, params[:query] %&gt;&lt;/p&gt; &lt;hr/&gt; &lt;% end %&gt; </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We create a <a href="https://guides.rubyonrails.org/form_helpers.html#a-generic-search-form">simple search form</a> that will hit <code>search_entries#index</code>. The <code>form.text_field :query</code> field simply passes the correct parameter into the URL.</li> <li>We create a simple partial to render the search result. We use the <a href="https://api.rubyonrails.org/classes/ActionDispatch/Routing/PolymorphicRoutes.html#method-i-polymorphic_path">polymorphic_path</a> method to link to the correct model (Post or User).</li> <li>We use the <a href="https://api.rubyonrails.org/classes/ActionView/Helpers/TextHelper.html#method-i-highlight">highlight</a> method to highlight the string being searched.</li> </ul> </blockquote> <p>Did you like this post? <a href="https://twitter.com/stevepolitodsgn">Follow me on Twitter</a> to get even more tips.</p> tutorial rails Use Pundit as a Rails Feature Flag System Steve Polito Mon, 21 Jun 2021 15:38:35 +0000 https://dev.to/stevepolitodesign/use-pundit-as-a-rails-feature-flag-system-3152 https://dev.to/stevepolitodesign/use-pundit-as-a-rails-feature-flag-system-3152 <p>In this tutorial, I'll show you how to create a feature flag system in Rails using <a href="https://github.com/varvet/pundit">pundit</a> and a <code>features</code> column on the <code>users</code> table.</p> <p><strong>Resources</strong></p> <ul> <li><a href="https://github.com/stevepolitodesign/pundit-feature-flags">Source Code</a></li> </ul> <h2> Step 1: Initial Setup </h2> <p>This tutorial assumes you are using <a href="https://github.com/heartcombo/devise">devise</a> and have a <code>User</code> model. However, you should still be able to follow along and implement this pattern even if that's not the case. </p> <ol> <li>Create a <code>Post</code> scaffold. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g scaffold Post title:string user:references meta_description:text </code></pre> </div> <ol> <li>Add a <code>features</code> column to the <code>users</code> table by running the following command. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g migration add_features_to_users features:jsonb </code></pre> </div> <ol> <li>Set a default value on the <code>features</code> column. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="k">class</span> <span class="nc">AddFeaturesToUsers</span> <span class="o">&lt;</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">Migration</span><span class="p">[</span><span class="mf">6.1</span><span class="p">]</span> <span class="k">def</span> <span class="nf">change</span> <span class="n">add_column</span> <span class="ss">:users</span><span class="p">,</span> <span class="ss">:features</span><span class="p">,</span> <span class="ss">:jsonb</span><span class="p">,</span> <span class="ss">default: </span><span class="p">{}</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We add a <a href="https://guides.rubyonrails.org/active_record_postgresql.html#json-and-jsonb">JSONB Column</a> to our <code>users</code> table. This will allow us to store multiple features in one column, compared to making a column for each feature.</li> <li>We add <code>default: {}</code> simply to add a formatted default value to this column.</li> </ul> </blockquote> <ol> <li>Run the migrations. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails db:migrate </code></pre> </div> <ol> <li>Set features on <code>User</code> model. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="o">...</span> <span class="no">FEATURES</span> <span class="o">=</span> <span class="sx">%i[enable_post_meta_description]</span><span class="p">.</span><span class="nf">freeze</span> <span class="n">store</span> <span class="ss">:features</span><span class="p">,</span> <span class="ss">accessors: </span><span class="no">User</span><span class="o">::</span><span class="no">FEATURES</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We create a <code>FEATURES</code> constant that will store the names of our features as symbols by calling <code>%i</code> on the array. We call <code>.freeze</code> to ensure this constant cannot be updated anywhere else.</li> <li>We use <a href="https://api.rubyonrails.org/classes/ActiveRecord/Store.html">ActiveRecord::Store</a> to interface with the <code>features</code> column. This will allow us to call <code>@user.enable_post_meta_description</code> instead of <code>user.features.enable_post_meta_description</code>. By passing <code>User::FEATURES</code> into the <code>accessors</code> parameter we can continue to add new features in the <code>FEATURES</code> constant.</li> </ul> </blockquote> <p>Setting a <code>features</code> column on the <code>users</code> table will allow us to enable/disable features on a per-user basis.</p> <ol> <li>Enable the <code>enable_post_meta_description</code> for a user. That way you have something to test. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User.last.update(enable_post_meta_description: true) </code></pre> </div> <h2> Step 2: Install Pundit and Build a Policy </h2> <p>Next, we'll need to install and configure <a href="https://github.com/varvet/pundit">pundit</a>.</p> <ol> <li>Install <a href="https://github.com/varvet/pundit">pundit</a>. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>bundle add pundit </code></pre> </div> <ol> <li>Generate the base pundit files. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g pundit:install </code></pre> </div> <ol> <li>Include pundit in the <code>ApplicationController</code> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">ApplicationController</span> <span class="o">&lt;</span> <span class="no">ActionController</span><span class="o">::</span><span class="no">Base</span> <span class="kp">include</span> <span class="no">Pundit</span> <span class="k">end</span> </code></pre> </div> <h2> Step 3: Build a Feature Flag Policy </h2> <ol> <li>Generate a namespaced pundit policy. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails g pundit:policy feature/enable_post_meta_description </code></pre> </div> <ol> <li>Build the policy </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">Feature::EnablePostMetaDescriptionPolicy</span> <span class="o">&lt;</span> <span class="no">ApplicationPolicy</span> <span class="k">def</span> <span class="nf">ceate?</span> <span class="n">user</span><span class="p">.</span><span class="nf">present?</span> <span class="o">&amp;&amp;</span> <span class="p">(</span><span class="n">user</span><span class="p">.</span><span class="nf">enable_post_meta_description</span> <span class="o">==</span> <span class="kp">true</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">permitted_attributes</span> <span class="k">if</span> <span class="n">user</span><span class="p">.</span><span class="nf">enable_post_meta_description</span> <span class="o">==</span> <span class="kp">true</span> <span class="p">[</span><span class="ss">:title</span><span class="p">,</span> <span class="ss">:user_id</span><span class="p">,</span> <span class="ss">:meta_description</span><span class="p">]</span> <span class="k">else</span> <span class="p">[</span><span class="ss">:title</span><span class="p">,</span> <span class="ss">:user_id</span><span class="p">]</span> <span class="k">end</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We generate a policy under the <code>feature</code> namespace. This is not required, but it helps keep things organized and will allow us to add new policies for new features later. We also name this policy to match the name of the feature in the <code>User</code> model.</li> <li>We build a <code>ceate?</code> method that returns <code>true</code> or <code>false</code> based on whether or not that user has the <code>enable_post_meta_description</code> feature set to true. We could have called the method <code>index?</code>, <code>new?</code>, <code>update?</code>, <code>edit?</code> or <code>destroy?</code> but <code>create?</code> makes the most sense in this context. We're building a policy that enables a user to <strong>create</strong> a meta description on a post. </li> <li>We used pundit's <a href="https://github.com/varvet/pundit#strong-parameters">permitted_attributes</a> method to return an array of paramters to be used in the <code>PostsController</code>. This will allow us to conditionally permit the <code>meta_description</code> parameter.</li> </ul> </blockquote> <h2> Step 4: Implement the Feature Flag </h2> <ol> <li>Update the <code>post_params</code> to hook into the <code>permitted_attributes</code> method. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">PostsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">before_action</span> <span class="ss">:authenticate_user!</span><span class="p">,</span> <span class="ss">except: </span><span class="sx">%i[ show index ]</span> <span class="n">before_action</span> <span class="ss">:set_post</span><span class="p">,</span> <span class="ss">only: </span><span class="sx">%i[ show edit update destroy ]</span> <span class="kp">private</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">post_params</span> <span class="n">params</span><span class="p">.</span><span class="nf">require</span><span class="p">(</span><span class="ss">:post</span><span class="p">).</span><span class="nf">permit</span><span class="p">(</span> <span class="no">Feature</span><span class="o">::</span><span class="no">EnablePostMetaDescriptionPolicy</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="n">current_user</span><span class="p">,</span> <span class="no">Post</span><span class="p">).</span><span class="nf">permitted_attributes</span> <span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We instantiate a new instance of the <code>Feature::EnablePostMetaDescriptionPolicy</code> policy class and pass in the <code>current_user</code> and <code>Post</code> per pundit's API. Then we call <code>permitted_attributes</code> to load the correct parameters based on whether the user has access to the <code>meta_description</code>.</li> <li>Note that we call <code>authenticate_user!</code> before all actions except <code>show</code> and <code>index</code> since the <code>Feature::EnablePostMetaDescriptionPolicy</code> relies on a user.</li> </ul> </blockquote> <ol> <li>Conditionally show the <code>meta_description</code> in the post form partial. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># app/views/posts/_form.html.erb &lt;%= form_with(model: post) do |form| %&gt; ... &lt;% if Feature::EnablePostMetaDescriptionPolicy.new(current_user, post).create? %&gt; &lt;div class="field"&gt; &lt;%= form.label :meta_description %&gt; &lt;%= form.text_area :meta_description %&gt; &lt;/div&gt; &lt;% end %&gt; ... &lt;% end %&gt; </code></pre> </div> <blockquote> <p><strong>What's Going On Here?</strong></p> <ul> <li>We wrap the <code>meta_description</code> field in a new instance of the <code>Feature::EnablePostMetaDescriptionPolicy</code> policy class. We call <code>create?</code> which returns <code>true</code> or <code>false</code> based on whether the user has access to the <code>meta_description</code>.</li> </ul> </blockquote> <p>Did you like this post? <a href="https://twitter.com/stevepolitodsgn">Follow me on Twitter</a> to get even more tips.</p> rails ruby tutorial Create an infinite scrolling blog roll in Rails with Hotwire Steve Polito Tue, 23 Mar 2021 01:54:19 +0000 https://dev.to/stevepolitodesign/create-an-infinite-scrolling-blog-roll-in-rails-with-hotwire-2a8n https://dev.to/stevepolitodesign/create-an-infinite-scrolling-blog-roll-in-rails-with-hotwire-2a8n <p>In this tutorial, I'll show you how to add an infinitely scrolling blog roll using Rails and Hotwire. Note that this is different than <a href="https://gorails.com/episodes/infinite-scroll-stimulus-js" rel="noopener noreferrer">Chris Oliver's awesome infinite scroll tutorial</a>, in that we're loading a new post once a user scrolls to the bottom of a current post. Below is a demo.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fstevepolito.design%2F39aefa4d5ea0ba86becd2a5ccd72e810%2Fdemo.gif" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fstevepolito.design%2F39aefa4d5ea0ba86becd2a5ccd72e810%2Fdemo.gif" alt="demo"></a></p> <ul> <li><a href="https://github.com/stevepolitodesign/rails-infinite-scroll-posts" rel="noopener noreferrer">Source Code</a></li> <li><a href="https://stevepolito.design/blog/rails-infinite-scrolling-blog-roll/" rel="noopener noreferrer">Original Article</a></li> </ul> <h2> Step 1: Application Set-Up </h2> <ol> <li><code>rails new rails-infinite-scroll-posts -d-postgresql --webpacker=stimulus</code></li> <li><code>rails db:setup</code></li> <li><code>bundle add turbo-rails</code></li> <li><code>rails turbo:install</code></li> </ol> <h2> Step 2: Create Post Scaffold </h2> <ol> <li><code>rails g scaffold post title body:text</code></li> <li><code>rails db:migrate</code></li> </ol> <h2> Step 3: Add Seed Data </h2> <ol> <li><code>bundle add faker -g=development</code></li> <li>Update <code>db/seeds.rb</code> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="mi">10</span><span class="p">.</span><span class="nf">times</span> <span class="k">do</span> <span class="o">|</span><span class="n">i</span><span class="o">|</span> <span class="no">Post</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="ss">title: </span><span class="s2">"Post </span><span class="si">#{</span><span class="n">i</span><span class="o">+</span><span class="mi">1</span><span class="si">}</span><span class="s2">"</span><span class="p">,</span> <span class="ss">body: </span><span class="no">Faker</span><span class="o">::</span><span class="no">Lorem</span><span class="p">.</span><span class="nf">paragraph</span><span class="p">(</span><span class="ss">sentence_count: </span><span class="mi">500</span><span class="p">))</span> <span class="k">end</span> </code></pre> </div> <ol> <li><code>rails db:seed</code></li> </ol> <h2> Step 4. Create the ability to navigate between Posts </h2> <ol> <li> <code>touch app/models/concerns/navigable.rb</code> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">module</span> <span class="nn">Navigable</span> <span class="kp">extend</span> <span class="no">ActiveSupport</span><span class="o">::</span><span class="no">Concern</span> <span class="k">def</span> <span class="nf">next</span> <span class="nb">self</span><span class="p">.</span><span class="nf">class</span><span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="s2">"id &gt; ?"</span><span class="p">,</span> <span class="nb">self</span><span class="p">.</span><span class="nf">id</span><span class="p">).</span><span class="nf">order</span><span class="p">(</span><span class="ss">id: :asc</span><span class="p">).</span><span class="nf">first</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">previous</span> <span class="nb">self</span><span class="p">.</span><span class="nf">class</span><span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="s2">"id &lt; ?"</span><span class="p">,</span> <span class="nb">self</span><span class="p">.</span><span class="nf">id</span><span class="p">).</span><span class="nf">order</span><span class="p">(</span><span class="ss">id: :desc</span><span class="p">).</span><span class="nf">first</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ol> <li>Include Module in Post Model </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">Post</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="kp">include</span> <span class="no">Navigable</span> <span class="k">end</span> </code></pre> </div> <blockquote> <p>Note: We could just add the <code>next</code> and <code>previous</code> methods directly in the <code>Post</code> model, but using a Module means we can use these methods in future models. </p> </blockquote> <ol> <li>Update PostsController </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">PostsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">show</span> <span class="vi">@next_post</span> <span class="o">=</span> <span class="vi">@post</span><span class="p">.</span><span class="nf">next</span> <span class="k">end</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <h2> Step 5: Use Turbo Frames to lazy-load the next Post </h2> <ol> <li>Add frames to <code>app/views/posts/show.html.erb</code> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight erb"><code><span class="nt">&lt;p</span> <span class="na">id=</span><span class="s">"notice"</span><span class="nt">&gt;</span><span class="cp">&lt;%=</span> <span class="n">notice</span> <span class="cp">%&gt;</span><span class="nt">&lt;/p&gt;</span> <span class="cp">&lt;%=</span> <span class="n">turbo_frame_tag</span> <span class="n">dom_id</span><span class="p">(</span><span class="vi">@post</span><span class="p">)</span> <span class="k">do</span> <span class="cp">%&gt;</span> <span class="nt">&lt;p&gt;</span> <span class="nt">&lt;strong&gt;</span>Title:<span class="nt">&lt;/strong&gt;</span> <span class="cp">&lt;%=</span> <span class="vi">@post</span><span class="p">.</span><span class="nf">title</span> <span class="cp">%&gt;</span> <span class="nt">&lt;/p&gt;</span> <span class="nt">&lt;p&gt;</span> <span class="nt">&lt;strong&gt;</span>Body:<span class="nt">&lt;/strong&gt;</span> <span class="cp">&lt;%=</span> <span class="vi">@post</span><span class="p">.</span><span class="nf">body</span> <span class="cp">%&gt;</span> <span class="nt">&lt;/p&gt;</span> <span class="cp">&lt;%=</span> <span class="n">link_to</span> <span class="s1">'Edit'</span><span class="p">,</span> <span class="n">edit_post_path</span><span class="p">(</span><span class="vi">@post</span><span class="p">),</span> <span class="ss">data: </span><span class="p">{</span> <span class="ss">turbo_frame: </span><span class="s2">"_top"</span> <span class="p">}</span> <span class="cp">%&gt;</span> | <span class="cp">&lt;%=</span> <span class="n">link_to</span> <span class="s1">'Back'</span><span class="p">,</span> <span class="n">posts_path</span><span class="p">,</span> <span class="ss">data: </span><span class="p">{</span> <span class="ss">turbo_frame: </span><span class="s2">"_top"</span> <span class="p">}</span> <span class="cp">%&gt;</span> <span class="cp">&lt;%=</span> <span class="n">turbo_frame_tag</span> <span class="n">dom_id</span><span class="p">(</span><span class="vi">@next_post</span><span class="p">),</span> <span class="ss">loading: :lazy</span><span class="p">,</span> <span class="ss">src: </span><span class="n">post_path</span><span class="p">(</span><span class="vi">@next_post</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@next_post</span><span class="p">.</span><span class="nf">present?</span> <span class="cp">%&gt;</span> <span class="cp">&lt;%</span> <span class="k">end</span> <span class="cp">%&gt;</span> </code></pre> </div> <p><strong>What's going on?</strong></p> <ul> <li>We wrap the content in a <code>turbo_frame_tag</code> with an <code>ID</code> of <code>dom_id(@post)</code>. For example, the <code>dom_id(@post)</code> call will evaluate to <code>id="post_1"</code>if the Post's ID is 1. This keeps the ID's unique.</li> <li>We add another <code>turbo_frame_tag</code> within the outer <code>turbo_frame_tag</code> to <a href="https://turbo.hotwire.dev/reference/frames#lazy-loaded-frame" rel="noopener noreferrer">lazy-load</a> the next post. We can look for the next post thanks to our <code>Navigable</code> module that we created earlier. <ul> <li>The <code>loading</code> attribute ensures that the frame will only load once it appears in the viewport.</li> </ul> </li> <li>We add <code>data: { turbo_frame: "_top" }</code> to <a href="https://turbo.hotwire.dev/reference/frames#frame-with-overwritten-navigation-targets" rel="noopener noreferrer">override navigation targets</a> and force those pages to replace the whole frame. Otherwise, we would need to add Turbo Frames to the <code>edit</code> and <code>index</code> views. <ul> <li>This is only because those links are nested in the outermost <code>turbo_frame_tag</code>.</li> </ul> </li> </ul> <h2> Step 6: Use Stimulus to update the path as new posts are loaded </h2> <ol> <li> <code>touch app/javascript/controllers/infinite_scroll_controller.js</code> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Controller</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">stimulus</span><span class="dl">"</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">class</span> <span class="nc">extends</span> <span class="nx">Controller</span> <span class="p">{</span> <span class="kd">static</span> <span class="nx">targets</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">entry</span><span class="dl">"</span><span class="p">]</span> <span class="kd">static</span> <span class="nx">values</span> <span class="o">=</span> <span class="p">{</span> <span class="na">path</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="p">}</span> <span class="nf">connect</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">createObserver</span><span class="p">();</span> <span class="p">}</span> <span class="nf">createObserver</span><span class="p">()</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">observer</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">options</span> <span class="o">=</span> <span class="p">{</span> <span class="c1">// https://github.com/w3c/IntersectionObserver/issues/124#issuecomment-476026505</span> <span class="na">threshold</span><span class="p">:</span> <span class="p">[</span><span class="mi">0</span><span class="p">,</span> <span class="mf">1.0</span><span class="p">]</span> <span class="p">};</span> <span class="nx">observer</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">IntersectionObserver</span><span class="p">(</span><span class="nx">entries</span> <span class="o">=&gt;</span> <span class="k">this</span><span class="p">.</span><span class="nf">handleIntersect</span><span class="p">(</span><span class="nx">entries</span><span class="p">),</span> <span class="nx">options</span><span class="p">);</span> <span class="nx">observer</span><span class="p">.</span><span class="nf">observe</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">entryTarget</span><span class="p">);</span> <span class="p">}</span> <span class="nf">handleIntersect</span><span class="p">(</span><span class="nx">entries</span><span class="p">)</span> <span class="p">{</span> <span class="nx">entries</span><span class="p">.</span><span class="nf">forEach</span><span class="p">(</span><span class="nx">entry</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">entry</span><span class="p">.</span><span class="nx">isIntersecting</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// https://github.com/turbolinks/turbolinks/issues/219#issuecomment-376973429</span> <span class="nx">history</span><span class="p">.</span><span class="nf">replaceState</span><span class="p">(</span><span class="nx">history</span><span class="p">.</span><span class="nx">state</span><span class="p">,</span> <span class="dl">""</span><span class="p">,</span> <span class="k">this</span><span class="p">.</span><span class="nx">pathValue</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <ol> <li>Update that markup in <code>app/views/posts/show.html.erb</code> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight erb"><code><span class="nt">&lt;p</span> <span class="na">id=</span><span class="s">"notice"</span><span class="nt">&gt;</span><span class="cp">&lt;%=</span> <span class="n">notice</span> <span class="cp">%&gt;</span><span class="nt">&lt;/p&gt;</span> <span class="cp">&lt;%=</span> <span class="n">turbo_frame_tag</span> <span class="n">dom_id</span><span class="p">(</span><span class="vi">@post</span><span class="p">)</span> <span class="k">do</span> <span class="cp">%&gt;</span> <span class="nt">&lt;div</span> <span class="na">data-controller=</span><span class="s">"infinite-scroll"</span> <span class="na">data-infinite-scroll-path-value=</span><span class="s">"</span><span class="cp">&lt;%=</span> <span class="n">post_path</span><span class="p">(</span><span class="vi">@post</span><span class="p">)</span> <span class="cp">%&gt;</span><span class="s">"</span> <span class="na">data-infinite-scroll-target=</span><span class="s">"entry"</span><span class="nt">&gt;</span> <span class="nt">&lt;p&gt;</span> <span class="nt">&lt;strong&gt;</span>Title:<span class="nt">&lt;/strong&gt;</span> <span class="cp">&lt;%=</span> <span class="vi">@post</span><span class="p">.</span><span class="nf">title</span> <span class="cp">%&gt;</span> <span class="nt">&lt;/p&gt;</span> <span class="nt">&lt;p&gt;</span> <span class="nt">&lt;strong&gt;</span>Body:<span class="nt">&lt;/strong&gt;</span> <span class="cp">&lt;%=</span> <span class="vi">@post</span><span class="p">.</span><span class="nf">body</span> <span class="cp">%&gt;</span> <span class="nt">&lt;/p&gt;</span> <span class="cp">&lt;%=</span> <span class="n">link_to</span> <span class="s1">'Edit'</span><span class="p">,</span> <span class="n">edit_post_path</span><span class="p">(</span><span class="vi">@post</span><span class="p">),</span> <span class="ss">data: </span><span class="p">{</span> <span class="ss">turbo_frame: </span><span class="s2">"_top"</span> <span class="p">}</span> <span class="cp">%&gt;</span> | <span class="cp">&lt;%=</span> <span class="n">link_to</span> <span class="s1">'Back'</span><span class="p">,</span> <span class="n">posts_path</span><span class="p">,</span> <span class="ss">data: </span><span class="p">{</span> <span class="ss">turbo_frame: </span><span class="s2">"_top"</span> <span class="p">}</span> <span class="cp">%&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="cp">&lt;%=</span> <span class="n">turbo_frame_tag</span> <span class="n">dom_id</span><span class="p">(</span><span class="vi">@next_post</span><span class="p">),</span> <span class="ss">loading: :lazy</span><span class="p">,</span> <span class="ss">src: </span><span class="n">post_path</span><span class="p">(</span><span class="vi">@next_post</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@next_post</span><span class="p">.</span><span class="nf">present?</span> <span class="cp">%&gt;</span> <span class="cp">&lt;%</span> <span class="k">end</span> <span class="cp">%&gt;</span> </code></pre> </div> <p><strong>What's going on?</strong></p> <ul> <li>We use the <a href="https://developer.mozilla.org/en-US/docs/Web/API/Intersection_Observer_API" rel="noopener noreferrer">Intersection Observer API</a> to determine when the post has entered the viewport. <ul> <li>We set the <code>threshold</code> to <code>[0, 1.0]</code> to <a href="https://github.com/turbolinks/turbolinks/issues/219#issuecomment-376973429" rel="noopener noreferrer">account for elements that are taller than the viewport</a>. This ensures that <code>entry.isIntersecting</code> will return <code>true</code>.</li> </ul> </li> <li>When <code>entry.isIntersecting</code> returns <code>true</code>, we use <a href="https://developer.mozilla.org/en-US/docs/Web/API/History/replaceState" rel="noopener noreferrer">History.replaceState()</a> to update the URL with the path for the post that entered the viewport. <ul> <li>The value for the path is stored in the <code>data-infinite-scroll-path-value</code> attribute.</li> <li>We add <code>history.state</code> as the first argument to <code>history.replaceState</code> to account for an issue with <a href="https://github.com/turbolinks/turbolinks/issues/219#issuecomment-376973429" rel="noopener noreferrer">Turbolinks</a>.</li> </ul> </li> </ul> <h2> Step 7: Add a loading state and styles (optional) </h2> <ol> <li>Add Bootstrap via CDN to <code>app/views/layouts/application.html.erb</code> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight erb"><code><span class="cp">&lt;!DOCTYPE html&gt;</span> <span class="nt">&lt;html&gt;</span> <span class="nt">&lt;head&gt;</span> <span class="nt">&lt;title&gt;</span>RailsInfiniteScrollPosts<span class="nt">&lt;/title&gt;</span> <span class="nt">&lt;meta</span> <span class="na">name=</span><span class="s">"viewport"</span> <span class="na">content=</span><span class="s">"width=device-width,initial-scale=1"</span><span class="nt">&gt;</span> <span class="cp">&lt;%=</span> <span class="n">csrf_meta_tags</span> <span class="cp">%&gt;</span> <span class="cp">&lt;%=</span> <span class="n">csp_meta_tag</span> <span class="cp">%&gt;</span> <span class="cp">&lt;%=</span> <span class="n">stylesheet_link_tag</span> <span class="s1">'https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta2/dist/css/bootstrap.min.css'</span><span class="p">,</span> <span class="ss">integrity: </span><span class="s1">'sha384-BmbxuPwQa2lc/FVzBcNJ7UAyJxM6wuqIj61tLrc4wSX0szH/Ev+nYRRuWlolflfl'</span><span class="p">,</span> <span class="ss">crossorigin: </span><span class="s1">'anonymous'</span> <span class="cp">%&gt;</span> <span class="cp">&lt;%=</span> <span class="n">stylesheet_link_tag</span> <span class="s1">'application'</span><span class="p">,</span> <span class="ss">media: </span><span class="s1">'all'</span><span class="p">,</span> <span class="s1">'data-turbolinks-track'</span><span class="p">:</span> <span class="s1">'reload'</span> <span class="cp">%&gt;</span> <span class="cp">&lt;%=</span> <span class="n">javascript_pack_tag</span> <span class="s1">'application'</span><span class="p">,</span> <span class="s1">'data-turbolinks-track'</span><span class="p">:</span> <span class="s1">'reload'</span> <span class="cp">%&gt;</span> <span class="nt">&lt;/head&gt;</span> <span class="nt">&lt;body&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"container"</span><span class="nt">&gt;</span> <span class="cp">&lt;%=</span> <span class="k">yield</span> <span class="cp">%&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <ol> <li>Update markup and add a loader to <code>app/views/posts/show.html.erb</code> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight erb"><code><span class="nt">&lt;p</span> <span class="na">id=</span><span class="s">"notice"</span><span class="nt">&gt;</span><span class="cp">&lt;%=</span> <span class="n">notice</span> <span class="cp">%&gt;</span><span class="nt">&lt;/p&gt;</span> <span class="cp">&lt;%=</span> <span class="n">turbo_frame_tag</span> <span class="n">dom_id</span><span class="p">(</span><span class="vi">@post</span><span class="p">)</span> <span class="k">do</span> <span class="cp">%&gt;</span> <span class="nt">&lt;article</span> <span class="na">data-controller=</span><span class="s">"infinite-scroll"</span> <span class="na">data-infinite-scroll-path-value=</span><span class="s">"</span><span class="cp">&lt;%=</span> <span class="n">post_path</span><span class="p">(</span><span class="vi">@post</span><span class="p">)</span> <span class="cp">%&gt;</span><span class="s">"</span> <span class="na">data-infinite-scroll-target=</span><span class="s">"entry"</span><span class="nt">&gt;</span> <span class="nt">&lt;h2&gt;</span><span class="cp">&lt;%=</span> <span class="vi">@post</span><span class="p">.</span><span class="nf">title</span> <span class="cp">%&gt;</span><span class="nt">&lt;/h2&gt;</span> <span class="nt">&lt;p&gt;</span><span class="cp">&lt;%=</span> <span class="vi">@post</span><span class="p">.</span><span class="nf">body</span> <span class="cp">%&gt;</span><span class="nt">&lt;/p&gt;</span> <span class="cp">&lt;%=</span> <span class="n">link_to</span> <span class="s1">'Edit'</span><span class="p">,</span> <span class="n">edit_post_path</span><span class="p">(</span><span class="vi">@post</span><span class="p">),</span> <span class="ss">data: </span><span class="p">{</span> <span class="ss">turbo_frame: </span><span class="s2">"_top"</span> <span class="p">}</span> <span class="cp">%&gt;</span> | <span class="cp">&lt;%=</span> <span class="n">link_to</span> <span class="s1">'Back'</span><span class="p">,</span> <span class="n">posts_path</span><span class="p">,</span> <span class="ss">data: </span><span class="p">{</span> <span class="ss">turbo_frame: </span><span class="s2">"_top"</span> <span class="p">}</span> <span class="cp">%&gt;</span> <span class="nt">&lt;/article&gt;</span> <span class="cp">&lt;%=</span> <span class="n">turbo_frame_tag</span> <span class="n">dom_id</span><span class="p">(</span><span class="vi">@next_post</span><span class="p">),</span> <span class="ss">loading: :lazy</span><span class="p">,</span> <span class="ss">src: </span><span class="n">post_path</span><span class="p">(</span><span class="vi">@next_post</span><span class="p">)</span> <span class="k">do</span> <span class="cp">%&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"d-flex justify-content-center"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"spinner-border"</span> <span class="na">role=</span><span class="s">"status"</span><span class="nt">&gt;</span> <span class="nt">&lt;span</span> <span class="na">class=</span><span class="s">"visually-hidden"</span><span class="nt">&gt;</span>Loading...<span class="nt">&lt;/span&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="cp">&lt;%</span> <span class="k">end</span> <span class="k">if</span> <span class="vi">@next_post</span><span class="p">.</span><span class="nf">present?</span> <span class="cp">%&gt;</span> <span class="cp">&lt;%</span> <span class="k">end</span> <span class="cp">%&gt;</span> </code></pre> </div> <p>Did you like this post? <a href="https://twitter.com/stevepolitodsgn" rel="noopener noreferrer">Follow me on Twitter</a> to get even more tips.</p> rails ruby tutorial