As a routine, while on the job search, I will be aiming to upload a weekly blog post, in an attempt to explain something technical that I've learned or grown from. I will be starting off with a three-part series on authentication (auth), not to be confused with authorization.
The goal in the first part of this series will be to create new users in Ruby on Rails and securely store their password. We will have to create a `User` resource and store a hashed version of the password that `User` created.
This will be pretty straightforward; the biggest difference between creating users and other resources will be storing a hashed version of the password rather than the actual password. Hashing is a one-way function: it is often loosely called one-way encryption, but unlike encryption there is no key and no way to reverse it. The term hashing originates from making hashbrowns. When you start with each whole raw potato it's easy to tell which pieces came from which potato, but the more you cut up, stir in, and cook, the more impossible it becomes to tell which piece came from which potato, and even more impossible to turn them back into whole raw potatoes.
So we're going to start off by making a Rails API and going from there. For this example we'll make an API for a clothing store that will have `Users`. To create a `clothing-store` API we'll simply run the following command in our terminal inside of the directory we would like it to be saved in.

`rails new clothing-store --api`
Once Rails works its magic, we can open our boilerplate API. The first thing we will do is open the `Gemfile` and un-comment line 17 (or whichever line says something along the lines of `gem 'bcrypt', '~> 3.1.7'`). This is a very simple example, but if we were adding any other gems this would be a good time to do so. Now in the terminal run `bundle install`.

`bcrypt` is the gem that will be hashing our passwords for us. Once again showing that Rails really does give you so much power right out of the box.
Now we can set up our `routes`. For this example we only want to be able to create `Users`, so that is the only route I will be creating. More developed applications may include other resources or routes such as `list`, `show`, `new`, `edit`, `update`, and `delete`.

Now in our terminal we have to generate a `users` controller by running `rails g controller users`.
In our `users_controller.rb` we need a `create` method. In this example that is the only method we will need. Just like `routes`, more developed projects may include other methods such as `list`, `show`, `new`, `edit`, `update`, and `delete`. Our `users_controller.rb` should look like this:
The `create` method is pretty simple: all it is saying is that when creating a new instance of a `user` in the `User` class, the `params` taken in as the `username` will be the `username`, and the same goes for the `password`. Then the instance of that `user` will be rendered in JSON with a `status` of `created`.
Next is generating the `user` model. Remember the controller is always plural and the model is singular. Run `rails g model user` in the terminal.

The only thing we have to do in there is tell it the `User` class has a secure password by simply:
Now in our migration file we must add `t.string :username` and `t.string :password_digest`. `password_digest` is the column that `bcrypt` fills with the hashed `password`; the plaintext password is never written to the table. Essentially, all we are doing here is saying the `username` and `password` digest will be strings.
Last step is to migrate the file by running `rails db:migrate` in the terminal, and we should be able to create a `User` and store a hashed password. Run `rails s` in the terminal to start your server and let's try it out in Postman.
Above, we see that I have created a `User` with `username` "jonas" and `password` "jonas1!", and after the creation of this `User` we can see that it would be extremely hard to decipher the `password_digest` back to "jonas1!".
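To make the model and controller behaviour above concrete, here is a self-contained Ruby example added for this post; it is not Rails, bcrypt or project code. It mirrors what the `has_secure_password` macro gives the `User` model: assigning `password` stores only a salted digest in `password_digest`, `authenticate` re-hashes a candidate and compares it in constant time, and the JSON form leaves the digest out. Because it has to run without the bcrypt gem, PBKDF2-HMAC-SHA256 from Ruby's standard library stands in for bcrypt; the `SecurePassword` module, its `$`-separated digest layout and the iteration count are assumptions of this example, not bcrypt's format.

```ruby
require 'openssl'
require 'securerandom'
require 'json'

# Stand-in for the part of has_secure_password that matters here (added
# example, not Rails or bcrypt code). PBKDF2-HMAC-SHA256 from the standard
# library replaces bcrypt so this file runs without the gem; in the app the
# bcrypt gem does the same job and writes its own digest format instead.
module SecurePassword
  ITERATIONS = 100_000 # work factor: every guess costs this many HMAC rounds
  SALT_BYTES = 16
  KEY_BYTES  = 32

  # Hash a plaintext password with a fresh random salt. Salt, iteration count
  # and derived key travel together in one string, the way a bcrypt digest
  # carries its own salt, so the column needs no companion fields.
  def self.digest(password, salt: SecureRandom.random_bytes(SALT_BYTES),
                  iterations: ITERATIONS)
    key = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, KEY_BYTES,
                                     OpenSSL::Digest.new('sha256'))
    "pbkdf2$#{iterations}$#{[salt].pack('m0')}$#{[key].pack('m0')}"
  end

  # Re-derive the key from the candidate password using the stored salt and
  # iteration count, then compare in constant time. Nothing here ever
  # "decrypts" the digest; it can only be matched against a guess.
  def self.verify(password, stored)
    scheme, iterations, salt_b64, key_b64 = stored.split('$', 4)
    return false unless scheme == 'pbkdf2' && key_b64
    salt = salt_b64.unpack1('m0')
    expected = key_b64.unpack1('m0')
    actual = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations.to_i,
                                        expected.bytesize,
                                        OpenSSL::Digest.new('sha256'))
    secure_equal?(actual, expected)
  end

  # Byte-by-byte comparison whose running time does not depend on where the
  # first mismatch is, so timing cannot leak how much of a guess was right.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Plain Ruby User carrying only the behaviour the post relies on.
class User
  attr_reader :username, :password_digest
  attr_accessor :password_confirmation

  def initialize(username:, password:, password_confirmation: nil)
    @username = username
    @password_confirmation = password_confirmation
    self.password = password
  end

  # The plaintext is hashed on assignment and never kept on the object, so a
  # dump of the model or of the users table contains no plaintext to leak.
  def password=(plain)
    @password_digest = SecurePassword.digest(plain)
  end

  # Mirrors has_secure_password's validations: a password must be present and,
  # when a confirmation was supplied, must match it.
  def valid?
    return false if password_digest.nil?
    password_confirmation.nil? ||
      SecurePassword.verify(password_confirmation, password_digest)
  end

  # Returns the user when the password matches and false otherwise, the same
  # contract as User#authenticate in Rails.
  def authenticate(plain)
    SecurePassword.verify(plain, password_digest) ? self : false
  end

  # What `render json: user` should emit: the digest stays out of API output.
  def as_json(*)
    { 'username' => username }
  end

  def to_json(*args)
    JSON.generate(as_json, *args)
  end
end

if __FILE__ == $PROGRAM_NAME
  user = User.new(username: 'jonas', password: 'jonas1!') # values from the post
  puts "digest:   #{user.password_digest}"
  puts "response: #{user.to_json}"
  puts "login ok: #{!!user.authenticate('jonas1!')}, wrong: #{user.authenticate('nope')}"
end
```

In the real app there is nothing to implement by hand: `has_secure_password` supplies `password=`, the confirmation validation and `authenticate`, and bcrypt stores the salt inside the digest just as this example does. The one thing worth carrying over is the response shape. A bare `render json: user` serializes every column, including `password_digest`, which is why the digest is visible in the Postman output; `render json: user, except: [:password_digest]` keeps the digest out of the API while still returning the created record.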
And there you have it, creating users and a hashed password! Thanks for reading & as always, I'd appreciate any input, questions or comments.