Creating a Login for your Rails Application

Adam Adolfo
4 min read, Oct 1, 2020

All of us have had many experiences on the web. Countless things can bring anyone to the internet. All of us have seen different things throughout our time surfing the web, but all of us can share one experience together. Thousands of times.

maybe possibly probably one of the times we needed to log in

We all have seen something along these lines plenty of times, for better or worse. We are so desensitized to seeing the ‘Create an account’ and ‘Login’ features on most websites that we never really pay attention to them anymore. If you’re not signing up, you’re signing in. It has reached the point where a lot of people — myself included — have created multiple email addresses to sacrifice to these websites so that they can keep their most used email clean of silly promotions. It wasn’t until the second phase of my time at The Flatiron School, working on real Rails applications, that I realized there was a lot going on here. I couldn’t believe how many steps were involved in a username and password. Hopefully this breakdown can be a cheat sheet for any Rails developer creating a secure login for their application.

You can begin in many ways, as there are so many steps, but I will just be showing what works best for me. For this walkthrough, I will include the password column when generating the user resource, so there is no extra migration later.

Create a user model:

rails g resource user name password_digest

Create a custom route for login:

get "/login", to: "users#login"

Create a login action on users controller:

def login
  render :login
end

Build a login page:

Inside app/views/users/login.html.erb:

<%= form_tag login_path do %>
  <%= label_tag :name %>
  <%= text_field_tag :name %>
  <%= label_tag :password %>
  <%= password_field_tag :password %>
  <%= submit_tag "login" %>
<% end %>

A form built with form_tag submits a POST request by default.

We will need to make a route for that post request to a new action. I chose process_login.

post "/login", to: "users#process_login"

Back to the users controller to create that (see how this can be confusing to someone who began programming two months ago).

def process_login
  # The form field and the column are both called :name, so look the user up by name.
  user = User.find_by(name: params[:name])
  if user
    session[:user_id] = user.id
    redirect_to whatever
  else
    render :login
  end
end

Time to log out. As usual, let’s get a route set up.

get "/logout", to: "users#logout"

Back to the users controller to add logout.

def logout
  session.clear
  redirect_to login_path
end

Passwords

Here I will walk through the way to add passwords to pair with your username.

bcrypt

bcrypt is a gem that takes the password a user types and turns it into a hash, a string of seemingly random characters. The hash cannot be reversed back into the original password, but bcrypt can check whether a password a user types later matches the stored hash. The gem is already in a new Rails app’s Gemfile, commented out: uncomment it and run bundle install.

Add the has_secure_password macro to the model so it can use the password column (and while we are here, we should add some validations to save time).

class User < ApplicationRecord
  has_secure_password
  validates :name, presence: true, uniqueness: true
end

Now we are able to make a sign up page (the new and create actions for users).

Since this won’t be a custom route we can stick with RESTful routing shorthands.

resources :users, only: [:new, :create]

Back to the users controller to build this out.

def new
  @user = User.new
end

def create
  # Use an instance variable so the form can re-render with the submitted values on failure.
  @user = User.new(strong_params)
  if @user.save
    session[:user_id] = @user.id
    redirect_to whatever
  else
    render :new
  end
end

private

def strong_params
  params.require(:user).permit(:name, :password)
end

Now the form for the new user after you create the new view.

Inside app/views/users/new.html.erb:

<%= form_for(@user) do |f| %>
  <%= f.label :name %>
  <%= f.text_field :name %>
  <%= f.label :password %>
  <%= f.password_field :password %>
  <%= f.submit "submit" %>
<% end %>

We now need to update our earlier process_login action in the controller, since we are handling passwords as well as sessions now.

def process_login
  user = User.find_by(name: params[:name])
  # authenticate must be given the submitted password; it returns the user on a match and false otherwise.
  if user && user.authenticate(params[:password])
    session[:user_id] = user.id
    redirect_to whatever
  else
    render :login
  end
end
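As an added example, not code from the post, here is the has_secure_password and process_login flow in plain Ruby so it runs without a Rails app: the User stand-in stores only a salted digest and its authenticate returns the user or false, exactly the shape the controller above relies on. PBKDF2 from Ruby’s standard library is assumed in place of the bcrypt gem, and USERS is a constructed stand-in for the users table.

```ruby
require "openssl"
require "securerandom"

# Stand-in for an ActiveRecord model with has_secure_password. Rails uses the
# bcrypt gem; PBKDF2-HMAC-SHA256 from the stdlib is assumed here instead so the
# file runs without the gem. Only the digest is ever kept, never the plaintext.
class User
  ITERATIONS = 50_000
  attr_reader :id, :name, :password_digest

  def initialize(id:, name:, password:)
    @id = id
    @name = name
    self.password = password
  end

  def password=(plain)
    salt = SecureRandom.hex(16)              # fresh per-user salt
    @password_digest = "#{salt}$#{digest_for(plain, salt)}"
  end

  # Mirrors has_secure_password#authenticate: the user on a match, false otherwise,
  # so it composes with `user && user.authenticate(...)`.
  def authenticate(plain)
    salt, stored = @password_digest.split("$", 2)
    secure_equal?(digest_for(plain, salt), stored) ? self : false
  end

  private

  def digest_for(plain, salt)
    OpenSSL::KDF.pbkdf2_hmac(plain, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: "sha256").unpack1("H*")
  end

  # Constant-time comparison so a wrong guess cannot be timed byte by byte.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed stand-in for the users table.
USERS = [User.new(id: 1, name: "alice", password: "correct horse battery staple")]

# The corrected controller logic: look up by :name, authenticate with :password,
# and only then put the user id in the session. Returns the next step taken.
def process_login(params, session)
  user = USERS.find { |u| u.name == params[:name] }
  if user && user.authenticate(params[:password])
    session[:user_id] = user.id
    :redirect
  else
    :render_login
  end
end
```

Calling authenticate with the username instead of the password, as the original action did, always returns false, which is why that version could never log anyone in.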

This should cover the basics of creating a login with a username and password for your Rails application. I will continue to use this myself as a cheat sheet in the future, and hopefully it helps you keep track of the many steps.
