Creating a Login for your Rails Application

All of us have had many experiences on the web. Countless things can bring anyone to the internet. All of us have seen different things throughout our time surfing the web, but all of us can share one experience together. Thousands of times.

maybe possibly probably one of the times we needed to login

We all have seen something along these lines plenty of times, for better or worse. We are so desensitized to seeing the ‘Create an account’ and ‘Login’ features on most websites that we never really pay attention to them anymore. If you’re not signing up, you’re signing in. It is to the point where a lot of people — myself included — have created multiple email addresses to sacrifice to these websites so that they can keep their most used email clean of silly promotions. It wasn’t until the second phase of my time at The Flatiron School, working on real Rails applications, that I realized there was a lot going on here. I couldn’t believe how many steps were involved in a username and password. Hopefully this breakdown can be a cheat sheet for any Rails developers as they create a secure login for their application.

You can begin in many ways as there are so many steps, but I will just be showing what works best for me. For this walkthrough, I will include the steps for the password in the username section to avoid migrations later.

Create a user model:

Create a custom route for login:

Create a login action on users controller:

Build a login page:

Here, forms automatically send a POST request.

We will need to make a route for that POST request to a new action. I chose process_login.

Back to the users controller to create that (see how this can be confusing to someone who began programming two months ago).

Time to log out. As usual, let's get a route set up.

Back to the users controller to add logout.


Here I will walk through the way to add passwords to pair with your username.


Bcrypt is a gem for Rails that automatically takes a password the user enters and turns it into a hash that looks like gibberish. This hash cannot be reversed to recover the original password, but bcrypt can still check whether a password that is entered matches the stored hash. The bcrypt gem is already listed in a Rails Gemfile, so you should be able to uncomment it and run bundle install.

Add the has_secure_password macro to the model to be able to use passwords (and while we are here, we should add some validations to save time).

Now we are going to be able to make a sign up page (new and create user).

Since this won’t be a custom route we can stick with RESTful routing shorthands.

Back to the users controller to build this out.

Now the form for the new user after you create the new view.

We now need to update our previous process_login action in the controller, since we are handling passwords and sessions now.
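An added example, not code from the original post: a plain-Ruby model of the login flow described above that runs without Rails. Assumptions: PBKDF2 from Ruby's OpenSSL library stands in for bcrypt, a Hash stands in for the Rails session, and User, USERS, DUMMY and the method bodies are illustrative.

```ruby
require "openssl"
require "securerandom"

# Plain-Ruby stand-in for a model that uses has_secure_password.
# Assumption: PBKDF2 replaces bcrypt here so the example needs no gems.
class User
  ITERATIONS = 100_000
  attr_reader :id, :username, :password_digest

  def initialize(id, username, password)
    @id = id
    @username = username
    salt = SecureRandom.hex(16)
    @password_digest = "#{salt}$#{self.class.kdf(password, salt)}"
  end

  def self.kdf(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256")).unpack1("H*")
  end

  # Like the authenticate method from has_secure_password: the user or false.
  def authenticate(candidate)
    salt, stored = password_digest.split("$")
    computed = self.class.kdf(candidate, salt)
    # Compare every byte instead of stopping at the first difference.
    diff = stored.bytes.zip(computed.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }
    diff.zero? ? self : false
  end
end

# Constructed sample data standing in for the users table.
USERS = { "ada" => User.new(1, "ada", "correct horse battery") }.freeze
DUMMY = User.new(0, "dummy", SecureRandom.hex(16))

# Mirrors the process_login action; session is a Hash, not the Rails session.
def process_login(session, username, password)
  user = USERS[username]
  # Hash the input even for unknown usernames so both failures cost the same.
  authenticated = (user || DUMMY).authenticate(password) && user
  return { ok: false, error: "Invalid username or password" } unless authenticated
  session.clear                 # drop pre-login state (reset_session in Rails)
  session[:user_id] = user.id   # store only the id, never the password or digest
  { ok: true }
end

def logout(session)
  session.clear
  { ok: true }
end
```

The same error message is returned for an unknown username and for a wrong password, so the login form does not reveal which usernames exist.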

This should cover the basics of creating a login with a username and password for your Rails application. I will continue to use this myself as a cheat sheet in the future and hopefully this helps you keep track of the many steps.

Student at The Flatiron School in Washington DC