Authentication in Ruby on Rails 6 log in, sign up – Josh Lee

Captions
Hello, today we're going to do authentication in Ruby on Rails 6. So this will let you log in users, sign them up, protect routes and things like that. I have a blog post on this, my website, it's Josh Lee, so it's joshly.com, so you can check that out, and I'll be referring to this as we go through the page, as we go through this process, as it has all the code that we're going to need.

So let's go ahead and we're going to open up a Rails 6 project that I already have. Let's see here, open this up, and the first thing we're gonna do is we're going to create a users model. I don't have a users in this yet, users model in this yet, so we're going to create users. So what we're going to do is we're going to go here, and I'm already in my folder here, in easy org is the app it's called, so we're going to go ahead and go to rails g, for generation, generate, or for generate, m-i-g-r, my migration and my geo, is that right, and my grh, migration, and we're going to say create users like this. So let's create this generation, this migration.

Great, so we created this. We can find this in our db migrate, this is it right here. So we're creating a table called users and we're going to have it with the timestamps stamped here, and you notice since I named my migration create users, it created this table for us already, so it's pretty easy. So we're going to go ahead and say t.string and we're going to say user, username, and then we're also going to say t.string, we're going to say password. It's not going to be a password, it's going to be password digest, just like that, password digest. So let's go ahead and run this migration, so rails db migrate.

Great, so now we have a users model. So let's go ahead and make our, or we have a users table, let's make our users model. So we're gonna go app here, we're gonna go to model, and we're gonna go to new file here and we're gonna say user.rb, and this is just going to be our user model. So we have class user, inherit from application record, application record, yeah, application record. All right, and now we have users in our app.

So let's just go to the rails console and just check and see if we have our users, so we're going to say users.all, and so we have this set up, users. So let's say user.new, we're going to say username, we're just going to say josh, and we're going to say password, it's going to be password. Let's try that. An unknown attribute password. Oh yeah, that's why we need to set up our gem. So we're going to go to our Gemfile, Gemfile here, and we're going to use a gem called bcrypt, and it's already here in your Gemfile, right here, and this is going to give us some extra functions and let us save our password as a hash inside the database so it's not just plain text. So we're just gonna uncomment that out here, and then we're going to go to our terminal, we're going to exit this, and we're just going to say bundle install to get that gem set up in our project. And now we're going to go to our users model and we're going to say has_secure_password, just like that.

So now we can go to our rails console and now we're going to have that attribute password. So if we say u equals user.new and we'll say username, and we'll say josh, and then we'll say password, we'll say password. All right, so we're just going to use our save, and now we have that user saved in our database. So we use password even though we have password digest, see here, even though we have password digest here, since we use that has_secure_password from our gem we can just use password on our model.

Okay, great, so now we have users, we can create users. We probably need to create a user form for that, so we're going to go to our, let's see here, views, and we're going to go to new folder and we're going to create a new user, new folder for users, and then we're going to create a new file called new.html.rb, and this is going to be the form for our user. Okay, so let's go ahead and say sign up, right, so we want to sign up on this page, and I'm going to go ahead and copy this form on this website here, it's joshly.com, this is my form for my user. So let's go ahead and go right here. This is just our form here, it's a form with model user, local true, and then we're asking for the username. We didn't have email, so let's get rid of email, and then we have the password, and we can still use password here for our model because we have that gem.

So as you can see, it's going to blow up because there's no model, there's no user instance variable on this page, so it's going to blow up. So what we need to do is in our users controller we need to set this instance variable in the new action. So we're gonna go to controllers, we're gonna create a new controller called users_controller.rb, and we're gonna say class users controller, application controller, controller, okay, and then we said in our new action, new, we want to have a user, we're just going to say user.new.

Now we've written a lot of code without checking what's going on, so let's go ahead and open up our server and let's go ahead and go to that users new site, users new page. So if we go to localhost, so we go to users/new, you're going to see that we don't have the route to get users new. Now in most of the models that you use in Rails you're going to have like the model here and the new, like articles/new, but since this is specifically for users we probably want something like log in instead of users/new. So we're going to go ahead and create these routes for our users to make new users, and since we're there we're going to go ahead and make our routes for logging in and logging out.

So let's go ahead and go to our routes file, let's see here, where we have to route, to router out, config, route, and I'm going to go ahead and just copy these and then we're going to go through these together. So authentication routes, okay. All right, so we have sign up, it's going to go to our users controller new. We could say, you know, user slash new, but we don't want to do that, and since we have that users/new we're going to go ahead and make sure we don't use that when we do our resources for users. Then we have login, which is our sessions, we're going to use our sessions controller, and it's very similar to your other controllers, you're going to have like new, create, destroy, things like that. So we have login going to sessions controller new, login, post login going to sessions controller create, just like our other CRUD app actions, delete goes to log out, to sessions destroy.

All right, so let's go ahead and open up that user form. Let's go here. No route matches get user, because we have to do sign, sign in. So what is it, sign up? Let's look, sign up. No route matches get sign up. Let's check here. Let's go ahead and reset our server, maybe that's it. Let's try it again. No route get, you gets no routes for sign up. Let's see what's going on here. Sign up, there we go, now we got our sign up. And now we need to make sure, where's our form at, let's see here, our form. So this is, even though it's sign up, it's under views users new, and I'm wondering where our form is. See here, there is our form, there it is, now it wants to appear.

Okay, so now we can create a new user. Let's go ahead and say, let's go to our users controller and new, so we need to have our create action. We're still working on users, we haven't started on sessions yet, and for creating a user I'm just going to go down to here to get this code and we're going to talk through this code. Right, so what we're doing is we're setting a user variable, we're passing in the parameters, which is going to be the username and the password, and we do this, this is called strong parameters, so we do this to pass in the parameters, to whitelist the parameters of what we can set in our user. Then we go ahead and go to user.save. If the user saves we go ahead and say user created. We don't have the flash messages set up, so I'm just going to delete this now, or I'll just leave this in, it's good practice to have this here, and then redirect to root path, and if it doesn't create a user we're just going to render the login page. So if we create a user here, I'm just going to say username joshly, password password, and if this goes to our root path then that means we set it up correctly. And this goes to our root path, so great.

So now we have user set up. If you already have user set up, now we can start with sessions. So we already have our sessions routes set up, if you remember, our sessions routes set up here, so we need to do our controller now that we have our sessions, now that we have our routes. So we're gonna go to app controllers and we're gonna create a sessions controller, sessions_controller.rb, and this is gonna be very similar to how all of your other controllers work.

Okay, so to interact with the sessions controller and those routes we need to have a sign up form, or a sign in form, right. So if we look at our routes, our routes are login as sessions new, so we probably need to put that in a sessions view folder. So let's go ahead and go to views, we're going to go to new folder and we're going to say sessions, sessions, new, new.html.erb, and this is going to be a login, log in, and we're going to use the same code from our form here for our user. Actually no, we're not, we're going to use a special form. It's very similar but it's different. We're going to use this form here and I'll go over that in a second. Okay, so we have our form with, we have scope and then we have session, that's different, url login path, we have our email we're getting, we're getting our password, and then we're getting our login here, login button. So let's go ahead and go to this in our app, so this is log in, sign in, what is it, login, there we go.

All right, so now we can interact with our controllers, so with our sessions controller. So what are we going to do with our sessions controller? Let's go to our sessions controller and we're going to do create. We're going to take this code that I already wrote and I'll explain what it says, what it does. Okay, so we have our create, so it's going to create a session. That's very similar to our other CRUD app actions, but instead of saving something to the database we're going to save it, and then it's like a cookie. So we have user, user find email, params, find by email, params session email downcase. So here's what we're doing: we're taking our users table and we're finding by emails, and we're taking that password parameter that was sent in from, I'm sorry, the email parameter that was sent in from this form, and we're finding the user that it works with, that is correlated to that user, same email, and I just did downcase so everything's downcase in my database.

So yeah, okay, let's see here. So if there's a user and authenticate, so this is the method we get with that bcrypt gem, so what we do is we say user authenticate and then we put in the password we're trying to use. So this password is coming from this form here, and we get that by params sessions password. And then if that's good, so we have our user, it exists, and then we have the user's password is correct, what we do is, this is how we log in right here, we say session user id equals user id. So we have our user here and we have our id here, and then we'll have a flash notice, logged in successfully, and we'll redirect a user, or redirect to wherever, redirect to root, root path. Okay, else if it doesn't work then we're just going to say there was something wrong with your login details, and then we're going to render this form again. And then to log out, what we're going to do is destroy the session, and all we have to do is go to session user id equals nil, and then we're going to say you have logged out, redirect to root path.

So to log in all we have to do is go here, put in my information. Oops, oh no, I don't need email, I need a username. Yeah, the username, let's go ahead and change this to username, username. All right, so now we are logged in. We don't have a message because we don't have the flash messages set up, but this is basically authentication.

So if we want to have something like a protected route, so in our sessions controller, let's just say user controller, users controller, what we can do is say maybe we want like define edit, so we only want users to be able to edit their profile if they're logged in, right. So what we can do is say like if session.id equals nil, which that means they're not logged in, we can say, I'm just going to write pseudocode, redirect to login page, else let them change the model. Okay, and we're going to be using this a lot, so what we can do is we can take this code and we're going to put this in our application controller, and I got a few methods here that we're going to use right here, and we're going to put these here and I'll explain what they do.

One moment. What these are going to do is, we can use these, this is in our application controller, and all of our controllers inherit from application controller, so that means they have all these methods, so we can use current user, logged in, require user, we can use all these methods in our controllers. So for example users controller, we can say like the same code, if logged in, same thing we did, if not logged in redirect to login page, else do cool stuff, do cool stuff, right, or we'll let them do whatever. And we also have these helper methods, we said current user, this right here, and logged in are helper methods, so that means we can use these in our view. So if we go to username, or let's go to pages home, we can say hello world and then we can say something like if logged in, and then we'll say current user.username. And this current user, this one right here, I got from this function here, current user. What it does is it returns a current user, and it finds it by, it looks at that session id that we have saved and then finds it inside the table if there is one, and we have this set up here, and this means that if we already have set this once and it's not equal to nil then it just keeps, it returns the same values. That means we don't have to keep finding this every time we go to a new page or using current user. Where is it at? It's at home.

And all right, so let's see if this works. Go home. Undefined method logged in. Well, that's not good. Let's check what happened. Logged in. Go ahead and reset this, reset our server. Let's see if this works. Still no, huh. See here what I'm doing wrong. Just logged in helper method. Oh, let's save that. Now let's try. There we go, I didn't have it saved. So now we can access the current user stuff here, so now we have access to the current user in the session in the views here, and we have access to the current session in the views, in our controllers too, via these methods here, and this is how you can just block off routes if they need to be logged in or not.

So that is authentication in Rails. So if you need to look at any of this code that I used and off for authentication then go ahead and go to my website, it's joshly.com, authentication Rails on Ruby, Authentication in Ruby on Rails 6, log in and sign up, and I'll see you guys later.
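
The login flow walked through in the captions (create a session, memoized current user, logged-in check, require-user guard, log out), as an added example that is not code from the video or the author's blog post. It is plain Ruby so it runs without Rails; `User`, `Auth` and their method names are hypothetical stand-ins, `session` is a plain Hash, and PBKDF2 from Ruby's standard library stands in for the bcrypt hashing that `has_secure_password` provides.

```ruby
require "openssl"
require "securerandom"

# Constructed stand-in for the User model. PBKDF2 (stdlib) replaces bcrypt,
# which has_secure_password uses, so the example runs without gems.
class User
  attr_reader :id, :username, :password_digest
  def initialize(id, username, password)
    @id, @username = id, username.downcase
    salt = SecureRandom.hex(16)
    @password_digest = "#{salt}$#{User.kdf(password, salt)}" # plaintext is never kept
  end
  def self.kdf(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 100_000,
                             length: 32, hash: "sha256").unpack1("H*")
  end
  # Same contract as has_secure_password's authenticate: the user or false.
  def authenticate(password)
    salt, expected = password_digest.split("$", 2)
    OpenSSL.secure_compare(User.kdf(password, salt), expected) ? self : false
  end
end

# Constructed stand-in for the sessions actions plus the ApplicationController
# helpers from the video. `session` is a plain Hash here.
class Auth
  def initialize(users, session = {})
    @users, @session = users, session
  end

  def login(username, password) # sessions#create
    user = @users.find { |u| u.username == username.to_s.downcase }
    return :invalid_login unless user && user.authenticate(password.to_s)
    @session.clear # in Rails, reset_session here so a pre-login session is not reused
    @session[:user_id], @current_user = user.id, nil
    :logged_in
  end

  def logout # sessions#destroy
    @session[:user_id] = @current_user = nil
  end

  def current_user # memoized lookup by the id stored in the session
    @current_user ||= @users.find { |u| u.id == @session[:user_id] } if @session[:user_id]
  end

  def logged_in?; !current_user.nil?; end
  def require_user; logged_in? ? :ok : :redirect_to_login; end # guard for protected actions
end
```

An unknown username and a wrong password return the same `:invalid_login` result, matching the single "something wrong with your login details" message in the video.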
Info
Channel: Josh Lee
Views: 1,597
Id: oE3jzJrfhxc
Length: 21min 46sec (1306 seconds)
Published: Sun Apr 11 2021