Codeplace | User Authentication in Ruby on Rails using Devise

Video Statistics and Information

Captions
Hi everyone, welcome to another star cast. Today I'm going to talk to you about user authentication through Devise. I have the GitHub official repository open, and as you can see, if you scroll down to the readme section, Devise is a user authentication solution, and it's very common and very popular. I like it particularly for two reasons. First, it's a complete MVC solution, so you know what to expect from here: models, views and controllers. Secondly, it's because it's modular, so as you can see here, only use what you really need. Down here, these are the ten modules that compose Devise, and I'm going to cover all of them with the exception of OmniAuth. The reason why is because it's a bigger concept abreast, and I think it makes more sense just to make a separate stack cast just to teach you how to use Omni authentication.

OK, so let me just show you the app. This is the app we're going to build, a very simple one as you can see, which allows you to sign in and, I tried to be original, make posts. So let me just sign in here very fast: my mailer app, password is the password, password is the password. OK, notice that I've typed enter and I've been redirected again to the sign-in page. Why is that? Because I'm using the confirmable module, and I'm going to explain later, which means that you must confirm your account. As you see here, I received an email and I have to confirm my account here, and only now am I able to log in. OK, as you can see, now I can create a post: successfully created. Let me just destroy it, and let's sign out and see what else.

So I'm going to teach you how to reset your password, the confirmation as you've seen, the unlockable, so if you imagine, if you try and log in several times to your account and fail, you can set that to lock the account because maybe you're some acting job, you know, if maybe somebody else is trying to get into your account and you don't want that, so you can lock your
account. On the signup form, as you can see, I'm going to teach you how to add one extra field to your model; as you can see here, name is not a Devise default. And that's pretty much it. I'm going to teach you how to make a fully working user authentication system, so let's begin.

OK, let's begin and create your Rails app. So open the terminal, type rails new, let's call ours devise app. OK, it's creating all the files, and it's done. Clear the console. The first thing we'll do is go here to the GitHub repository and scroll down to the getting started section. OK, first thing, install the gem. So let's open our app on Sublime, let's go to the Gemfile and paste it here. Now just run the bundle. Actually, I have to go to our app directory, and now bundle. OK, it's created. Now let's install the generator; as you can see here, just copy this command, go to your terminal and paste it, press Enter. OK, successfully created. Now we have to generate a model, so let's call ours user; I think it makes sense: user model. OK, and now let's create the views. If you scroll down here to the configuring views section, just paste this command into your terminal and press Enter. Now it's done. Let's clear the console.

What I'm going to do next is just setting up SMTP settings for the Action Mailer. I'm not going to cover it in much detail because I have another stair cast just on Action Mailer, so I'm just going to set this up really quickly, as fast as I can. So let's go to config/environments/development.rb, and if you scroll up here, the first thing we need to do is to type this config.action_mailer.default_url_options, and just paste it there. And I need another config, which is config.action_mailer.delivery_method; it must be SMTP. OK, now finally I'll just have to paste some SMTP settings that I already have. So let me come here to the config/application.rb; under the class Application, just copy this if you want to use it with your Gmail account. This is just the SMTP settings. Again,
I'm not going to cover this in detail because I already did, but this is basically the SMTP settings to use a Gmail account, or else to send emails through this Gmail account. OK, this is all done.

Now let's create the scaffold for the post. So let's put rails g scaffold post, and I want the title, which is going to be string, and I want content, which is text. OK, it created all the files. Now what I want to do is actually create a home controller, so let's type rails g controller home with an index action, just to manage users. I mean, I want to redirect users if they are signed in or not. So let me clear this. OK, and if I come here, and before that, actually, I already created the home controller, that's fine.

Let's create a new controller here, and we're going to call it registrations_controller.rb. What this controller is going to do is overriding the parameters for Devise. Why is that? It's because I want to add a name field on our database. So if you scroll down here to db/migrate and open the migration, you can see that the Devise model doesn't have a name field, but I want to be able to call my user by its name. So to do this, I'm going to paste this code that I have here, and then I'm going to explain it. So we create a new controller, registrations controller, that inherits from the Devise registrations controller, so this is going to override Devise defaults. Basically it's just two private functions to override the parameters, and the only thing we have to put is this field here. This is the main difference; the only thing that is going to be overridden is this parameter here. And now let's go here and add a user name, so t.string name. OK, so the last thing is to go under the routes. Let me just go here to config/routes.rb; instead of just devise_for users, we want to add this line of code here: controllers, registrations in our registrations controller. Let's
change this to not get but root, so this is going to be our root route.

OK, and now let's set up our home controller. This is very simple; I just want to do a basic if-else statement, and in here I'm going to use Devise's helpers. As you can see here, Devise gives you some controller filters and helpers. The first one is this one is pivot; it's a before action. What this basically does is, you put this before action on the controller that you want, and the application is going to force the user to authenticate before using the controller, so it will not allow you to use the controller if you are not signed in. So let me put it on the posts controller, because we don't want the user to be able to do posts if they are not signed in. So let's just type this: before_action authenticate_user. OK, you can close this now. In here, under the home controller, we want to use this user signed in helper here, and we want to check if it is signed in. So if the user is signed in, I want to be redirected, redirect to, sorry, posts path. Oh, so many typos. Redirect to posts path; if it's not, we'll redirect to new user session path.

OK, now let's just add basically the same thing on the application.html under the views. Why is that? Because I want to type something here. I have some code here already, and I'm going to paste it before the yield tag and after the body. Just type this if statement; it's very simple, as you can see. So if the user is signed in, we'll put hello and give me the current name, and then the link to sign out if I want.

OK, as you've noticed, I didn't migrate any table yet, and the reason why is because I want to actually do some changes over here. I want to explain it one by one. So this is the default migration that Devise gives you. If you open the model here, the user model, you can see the way you set up your models, and it's very easy. The only thing you need to do is type the module
that you want to include under your user model class, and then just add or comment out the columns that you don't need. So this is the default Devise settings. As you can see, it's database authenticatable, of course, registerable; these two are always in order, I mean, you always need these two modules to have a basic authentication system. But then it's recoverable, as you can see here, recoverable, it's rememberable, it's trackable, you can see, and validatable, so it actually does some validations. So let's break the legs, um, let's migrate the table, sorry, so that we can see what we have so far. OK, so everything is set, it's done. Let's restart the server, let's see what we have so far. Let me refresh it. OK, go to the login. Now let me try and sign up. Let me put a name like Kevin, Kevin, my email or app, the password is password, password. OK, as you can see: hello Kevin. I'm now signed in and I can create a post. OK, let's destroy it and let's sign out. OK, cool.

Now let me show you just them one by one. So, recoverable: if you forget the password, you are able to get it. And how's that? As you can see here, forgot your password. If I press this link here, I can put my email here and send me reset password instructions. And now if I come here to my email, you see I already received it: reset password instructions. OK, someone has requested a link to change your password. So if I press this link over here, you can see it gets me to this reset password page, and I can put my new world it's got a called password again, of course, change the password, and I'm signed in. OK, so as you can see, this is the remember but they could the recoverable module.

So the rememberable, it's very simple; it's only this cookie that italy puts under the browser. If I don't have this in here, and of course the module here, rememberable, basically this checkbox disappears. Now trackable: the best way to show you what trackable is doing is to
go here to the terminal and type rails c. Let me use the first user. OK, now all of these fields here: remember_created_at, sign_in_count, current_sign_in_at, last_sign_in_at, and current_sign_in_ip, last_sign_in_ip as well. OK, so all of these fields here are these fields here. So if you want it to be trackable, all those fields are going to be added to your table.

So let's go ahead and let's check the confirmable. To do this we're going to migrate the table down, because if you want to do it again, the best way to do it is, let's stop the Rails server and let's do rake db:migrate and you put version zero. This is going to migrate the table to nil, or to the version zero, so the start of it. So let's clear the console, and now let's go ahead here and uncomment this confirmable, and of course we have to go to the user model and add this here, so it is confirmable now. Now let's see what this does. Let's start the server, let's go again here, user sign in. OK, so I have to migrate the table, of course, I forgot: rake db:migrate. OK, refresh it. Well, this would be nice, of course. OK, now rails s. OK, let's go to the user sign in, and you can see we already have a new link here: didn't receive confirmation instructions. So if I go to the signup, let me put John, my mailer app, password, password, and press enter. Check: you see, now it redirected me to the login page again. It didn't sign me in, but if I come here to my Gmail, I can see here confirmation instructions: you can confirm your account email through the link below. OK, so I press the confirm; it's going to send me to the login page again, and now I confirmed it and I'm logged in. This is what confirmable is doing.

So I have just two more modules to show. One is the unlockable, which I'm going to do right now. So let me migrate back again, let's do it to the version zero. OK, now let's add lockable. OK, lockable it is. Now we just come here and we add lockable
here. Another thing we need, actually, is to use the, let me show, config, and in the initializers, devise.rb. OK, if we are using the lockable, there are some configurations we need to do here. So let me just search for lockable. OK, and here it is, lockable, and we have to define a strategy, a strategy to lock an account. So you want config.lock_strategy at failed attempts, so if a user does a lot of attempts and fails. We want to use the email as key when locking and unlocking an account. The strategy to unlock: now we want the email, of course, the email. And in here we can put the config.maximum_attempts, so just for trying out we're going to put two attempts. OK, and that's all there is to it. So let's start the server. Before, oh, we have to migrate the table: rake db:migrate. OK, and now rails s. So now it's lockable, and here as well. So let's go in here, put sign out. Mm-hmm, I see already a new link here: didn't receive unlock instructions. So now let's do that mistake on purpose. So pass, one mistake. Let me try again: pass. And you see it's taking a little while. OK, and why is that? Now if I type the password correctly, it doesn't matter, because the account is now blocked. If I come here to my mail, I can see here I received an email saying unlock instructions. If I click here, unlock my account, it sends me back to the login page, and now if I put the password correctly, OK, it is unlocked now. See, it's very easy to implement and very powerful, as you can see.

Let me see what I have to show you. OK, so we've covered the database authenticatable, so this is, of course, the email encryption of the password; recoverable is if you want to reset the password; rememberable, that cookie we've talked about; trackable, if you want to get some data out of the sign-ins; confirmable; and lastly lockable. I just have one more module to show you, which is timeoutable. So first, the only thing we actually need to do, we don't have to do any migration because it will
not create an extra field, but what we actually need to do is put the all over here, of course reference the module here, and we need to go to the devise.rb, and I think it's right below. OK, it's not below but it's above the lockable: you have timeoutable. The only thing we need to do, actually, is config.timeout_in, and just for testing purposes let's put like five seconds. So what this will do is, I'm going to log in and I'm going to have a session, and after five seconds my session will be destroyed, so I should not be logged in anymore. So let's try it. Let's refresh it. OK, let's go to our application now, users sign in. OK, so I'm logged in now. You see I've logged in, and the five seconds have passed, so if I press the new post link it should redirect me back to the login page. So let's try it, and as you can see, the session is expired. OK, let me refresh it, and you see that we've been redirected to the login page.

So let's recap all we have covered in this tutorial. You already know how to make a login form and a signup form. Notice here that this signup form has an extra field that we added on the registrations controller. Back to the login form: you already know how to set the remember me functionality through the rememberable module. If you forget the password, you already know how to set a new one. We know how to add the confirmation feature as well, and if you try and fail to log into your account a certain number of times, the account will be locked, and you already know how to unlock it.

So one thing I would like to mention is that each of these views that you are seeing here, users, passwords, new, I forgot the password, all of these views can be, of course, styled with CSS. If you come here to your Sublime, I don't know why I closed it, let me just reopen it, in here under the views folder, devise, all those views are in here. So as you see, passwords, the edit, the new password, the registrations forms, the login
form, it's all here, so you can style it as you want. So this is a fully functioning user authentication system that you can implement in your website. I hope you find it useful, and see you again in another step cast.
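The lockable and timeoutable behaviour demonstrated at the end of the video, as an added example that is not part of the transcript and is not Devise's own code. It is a simplified Ruby model: the class `DemoAccount`, its methods and the two constants are hypothetical names, with the constants set to the demo's values for Devise's `maximum_attempts` and `timeout_in` settings.

```ruby
require "securerandom"

# Simplified model of the lockable/timeoutable demo; not Devise's implementation.
MAXIMUM_ATTEMPTS = 2 # demo value for config.maximum_attempts
TIMEOUT_IN = 5       # seconds; demo value for config.timeout_in

class DemoAccount
  attr_reader :unlock_token

  def initialize(password)
    @password = password # constructed sample; a real app stores only a hash
    @failed_attempts = 0
    @unlock_token = nil
    @last_request_at = nil
  end

  def locked?
    !@unlock_token.nil?
  end

  # Returns :ok, :invalid or :locked. Once locked, even the correct
  # password is rejected, as shown in the video after two bad attempts.
  def sign_in(password, now)
    return :locked if locked?
    if password == @password
      @failed_attempts = 0
      @last_request_at = now
      return :ok
    end
    @failed_attempts += 1
    @unlock_token = SecureRandom.hex(16) if @failed_attempts >= MAXIMUM_ATTEMPTS
    locked? ? :locked : :invalid
  end

  # Email unlock strategy: only the token mailed to the owner clears the lock.
  def unlock(token)
    return false unless locked? && token == @unlock_token
    @unlock_token = nil
    @failed_attempts = 0
    true
  end

  # Timeoutable: a request later than TIMEOUT_IN after the last one is rejected.
  def session_active?(now)
    return false if @last_request_at.nil? || now - @last_request_at > TIMEOUT_IN
    @last_request_at = now
    true
  end
end
```

The two-attempt limit and five-second timeout are the values the video uses for demonstration only; the point of the model is that a lock is cleared by the mailed token, never by a later correct password.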
Info
Channel: Codeplace
Views: 38,782
Keywords: codecast, ruby on rails, rails, stuk, stuk.io, devise, user, authentication, code, how to, learn
Id: ZEk0Jp2dThc
Length: 27min 16sec (1636 seconds)
Published: Thu Jan 08 2015