I am going to go over setting up a user sign-up, sign-out, and logout using sessions for authorization with Ruby on Rails. Side note I will not be going into putting this into application on the frontend.
Before I jump I will describe session data. In Ruby on rails the application can hold small amounts of data for each user. That data will remain between requests. We will need to store that data using cookies. It must be set up in the controllers. As we go through we will get into creating the session in the controller and enabling cookies.
We are going to start from scratch. In your terminal create a new folder and the cd into that folder. Then while in that folder type "rails new the-app-name --api --minimal --database=postgresql". This will build a new rails project using Postgresql. I am choosing Postgres incase this project will be deployed later using Heroku.
Now open the project on a code editor. I will be using VsCode. The gem for 'bcrypt' must be add to the Gemfile. bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD project for hashing passwords. The bcrypt Ruby gem provides a simple wrapper for safely handling passwords.
Next we want to run bundle install. This will install all the necessary the Gemfile dependencies needed from the terminal.
Then we need to use some generators to create a model, a migration file and controller for user and a sessions controller . Run rails g resource User to create a model a controller for the User being signed up, logged in, or logged out.
Then we can just use a controller generator for the sessions controller.
Now we need to code the necessary columns to our user migration file. We will add a username and a password_digest. password_digest stores the salted password and the return value of BCrypt. It then concatenates them to produce a character string to separate them. This creates a very secure way of storing and encrypting passwords.
Now start the Postgres server, run rails db:create, and finally run rails db:migrate.
Time to begin our coding by starting in the routes file. We create two posts, a get, and a delete. The “/me” route will be used to allow the front end to know who the user is after when the page loads. The “signup” route will allow a user to create their username and password. The “/login” will verify and then login the user. Then finally the logout will remove the stored session.
Following add has_secure_password and validations into the User model. The has_secure_password adds methods to set and authenticate against a BCrypt password. Then the validations will ensure there will only be no duplicate usernames and that a username must be added in order to successfully process.
Afterwards add a create and show inside the User controller. The User create will allow a user to sign up. It will then store the user id in the session. That will be passed to our application controller, that we will set up shortly, which will authorize and then send back to our show method the instance method of the current user to show the frontend to the current user.
Now to create a show and destroy in the Sessions controller. The create method in this controller will allow a user to sign in. It will authenticate the username and the password and then it will send the session id over to the application controller which will authorize and then send back to our show method the instance method of the current user to show the frontend to the current user. The the destroy method will remove the session and the user will be successfully logged out.
Lastly we will update the Application controller in order to find the current user based off the session user id to create an instance of the current user. Before it performs this action it will authorize which is why we have added before_action :authorize. We have also included an ActionController for Cookies so the session data can be temporarily saved. Plus we are adding a rescue from incase the information provided is incorrect.
Now we need to add Cookies into the config file. A cookie is a piece of data from a website that is stored within a web browser that the website can retrieve at a later time. Cookies are used to tell the server that users have returned to a particular website. This allows for the frontend to temporarily store our sessions data so that the current user will persist while using the website.
Now we have a backend ready to talk to the frontend to use a secure user sign-in, sign-up, login and logout. I am currently still a student so I am also still learning but hopefully this has been helpful.
Top comments (0)